Skip to main content

Endpoint Security Posture Assessment: Enterprise Use Cases

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: RFC Editor <>,
    sacm mailing list <>,
    sacm chair <>
Subject: Document Action: 'Endpoint Security Posture Assessment - Enterprise Use Cases' to Informational RFC (draft-ietf-sacm-use-cases-10.txt)

The IESG has approved the following document:
- 'Endpoint Security Posture Assessment - Enterprise Use Cases'
  (draft-ietf-sacm-use-cases-10.txt) as Informational RFC

This document is the product of the Security Automation and Continuous
Monitoring Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

  This memo documents a sampling of use cases for securely aggregating
  configuration and operational data and evaluating that data to
  determine an organization's security posture.  From these operational
  use cases, we can derive common functional capabilities and
  requirements to guide development of vendor-neutral, interoperable
  standards for aggregating and evaluating data relevant to security

Working Group Summary

  The working group paid a lot of attention to this document because it 
  was considered as important for the definition of the scope, requirements
  and solution architecture for SACM. It was reviewed carefully and discussed
  in details in meetings and on the mail list by a large number of participants. 
  The resulting work reflects a solid consensus.  

Document Quality

  The draft describes use cases and is informational, so it has not been 
  implemented, but does demonstrate consensus of the working group
  of which, many have plans to implement.

  There is a sound interest in SACM, and this is the first WG document. The reviews
  and discussions were solid and in depth. Using some kind of formal language
  was considered but eventually the WG had strong consensus for the current
  (plain English) ways of expressing the use cases. Subsequent drafts in SACM 
  reference this use case draft, including the requirements and architecture drafts.


  Dan Romascanu is the document shepherd. 
  Kathleen Moriarty is the responsible AD. 

RFC Editor Note