Security Automation and Continuous Monitoring (SACM) Requirements
draft-ietf-sacm-requirements-18

Document type: Active Internet-Draft (sacm WG)
Last updated: 2017-08-07 (latest revision 2017-08-01)
Stream: IETF
Intended RFC status: Informational
WG state: Submitted to IESG for Publication (wg milestones: May 2015 - Complete WGLC of SAC..., Jul 2015 - Submit SACM Requirem... )
Document shepherd: Karen O'Donoghue
Shepherd write-up: last changed 2017-05-07
IESG state: RFC Ed Queue
Consensus Boilerplate: Yes
Responsible AD: Kathleen Moriarty
Send notices to: "Karen O'Donoghue" <odonoghue@isoc.org>
IANA review state: Version Changed - Review Needed
IANA action state: No IC
RFC Editor state: EDIT
SACM                                                       N. Cam-Winget
Internet-Draft                                             Cisco Systems
Intended status: Informational                               L. Lorenzin
Expires: February 2, 2018                                   Pulse Secure
                                                          August 1, 2017

   Security Automation and Continuous Monitoring (SACM) Requirements
                    draft-ietf-sacm-requirements-18

Abstract

   This document defines the scope and set of requirements for the
   Security Automation and Continuous Monitoring (SACM) architecture,
   data model and transfer protocols.  The requirements and scope are
   based on the agreed-upon use cases ([RFC7632]).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 2, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Cam-Winget & Lorenzin   Expires February 2, 2018                [Page 1]
Internet-Draft              SACM Requirements                August 2017

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Requirements  . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Requirements for SACM . . . . . . . . . . . . . . . . . .   4
     2.2.  Requirements for the Architecture . . . . . . . . . . . .   7
     2.3.  Requirements for the Information Model  . . . . . . . . .   9
     2.4.  Requirements for the Data Model . . . . . . . . . . . . .  10
     2.5.  Requirements for Data Model Operations  . . . . . . . . .  12
     2.6.  Requirements for SACM Transfer Protocols  . . . . . . . .  14
   3.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  15
   4.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  15
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
     5.1.  Trust between Provider and Requestor  . . . . . . . . . .  16
     5.2.  Privacy Considerations  . . . . . . . . . . . . . . . . .  17
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  18
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  18
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  18
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  19

1.  Introduction

   Today's environment of rapidly-evolving security threats highlights
   the need to automate the sharing of security information (such as
   posture information) while protecting user information and the
   systems that store, process, and transmit this information.  Security
   threats can be detected in a number of ways.  The Security Automation
   and Continuous Monitoring (SACM) charter focuses on how to collect
   and share this information based on use cases that involve posture
   assessment of endpoints.

   Scalable and sustainable collection, expression, and evaluation of
   endpoint information is foundational to SACM's objectives.  To secure
   and defend a network, one must reliably determine what devices are on
   the network, how those devices are configured from a hardware
   perspective, what software products are installed on those devices,
   and how those products are configured.  We need to be able to
   determine, share, and use this information in a secure, timely,
   consistent, and automated manner to perform endpoint posture
   assessments.

   This document focuses on describing the requirements for facilitating