Prospective Architecture for SACM

Document Type: Expired Internet-Draft (individual)
Authors: Jim Schaad, David Waltermire
Last updated: 2017-05-04 (latest revision 2016-10-31)
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes the high-level architecture for Security Automation and Continuous Monitoring (SACM). The architecture identifies the components that provide for the collection, storage, dissemination, and evaluation of posture information. This architecture also describes the interfaces and associated operations that define the interactions between these components. This information will inform future engineering work around identifying existing standards for collecting, storing, disseminating, and evaluating endpoint posture information. This architecture will also help in identifying standardization gaps that require new engineering effort.

Security practitioners need to request, analyze, and aggregate posture information from disparate sources that use differing means to identify endpoints, hardware, software, and configurations. This task is made harder by the large number of different protocols and formats needed to bring together all of this information into a single view. This architecture provides a means to automatically gather posture data together for standardized dissemination to downstream components. This allows security practitioners who leverage this architecture to focus on managing security problems, not data.

