Security Automation and Continuous Monitoring (SACM) Requirements
draft-ietf-sacm-requirements-15

Document type: Active Internet-Draft (sacm WG)
Last updated: 2017-03-07 (latest revision 2016-12-27)
Stream: IETF
Intended RFC status: (None)
Stream WG state: Submitted to IESG for Publication May 2015 Jul 2015
Doc Shepherd Follow-up Underway
Document shepherd: Karen O'Donoghue
Shepherd write-up: last changed 2016-11-14
IESG state: AD is watching
Consensus boilerplate: Unknown
Responsible AD: Kathleen Moriarty
Send notices to: "Karen O'Donoghue" <odonoghue@isoc.org>

SACM                                                       N. Cam-Winget
Internet-Draft                                             Cisco Systems
Intended status: Informational                               L. Lorenzin
Expires: June 30, 2017                                      Pulse Secure
                                                       December 27, 2016

   Security Automation and Continuous Monitoring (SACM) Requirements
                    draft-ietf-sacm-requirements-15

Abstract

   This document defines the scope and set of requirements for the
   Security Automation and Continuous Monitoring (SACM) architecture,
   data model and transport protocols.  The requirements and scope are
   based on the agreed-upon use cases.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 30, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Cam-Winget & Lorenzin     Expires June 30, 2017                 [Page 1]
Internet-Draft              Abbreviated Title              December 2016

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements for SACM . . . . . . . . . . . . . . . . . .   4
     2.2.  Requirements for the Architecture . . . . . . . . . . . .   7
     2.3.  Requirements for the Information Model  . . . . . . . . .   8
     2.4.  Requirements for the Data Model . . . . . . . . . . . . .   9
     2.5.  Requirements for Data Model Operations  . . . . . . . . .  12
     2.6.  Requirements for SACM Transport Protocols . . . . . . . .  14
   3.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  15
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
     5.1.  Trust between Provider and Requestor  . . . . . . . . . .  16
     5.2.  Privacy Considerations  . . . . . . . . . . . . . . . . .  17
   6.  Change Log  . . . . . . . . . . . . . . . . . . . . . . . . .  17
     6.1.  -05 to -06  . . . . . . . . . . . . . . . . . . . . . . .  17
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  18
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  18

1.  Introduction

   Today's environment of rapidly-evolving security threats highlights
   the need to automate the sharing of security information (such as
   posture information) while protecting user information as well as the
   systems that store, process, and transmit this information.  Security
   threats can be detected in a number of ways.  SACM's charter focuses
   on how to collect and share this information based on use cases that
   involve posture assessment of endpoints.

   Scalable and sustainable collection, expression, and evaluation of
   endpoint information is foundational to SACM's objectives.  To secure
   and defend a network, one must reliably determine what devices are on
   the network, how those devices are configured from a hardware
   perspective, what software products are installed on those devices,
   and how those products are configured.  We need to be able to
   determine, share, and use this information in a secure, timely,
   consistent, and automated manner to perform endpoint posture