Technical Summary
This memo documents a sampling of use cases for securely aggregating
configuration and operational data and evaluating that data to
determine an organization's security posture. From these operational
use cases, we can derive common functional capabilities and
requirements to guide development of vendor-neutral, interoperable
standards for aggregating and evaluating data relevant to security
posture.
Working Group Summary
The working group paid a lot of attention to this document because it
was considered as important for the definition of the scope, requirements
and solution architecture for SACM. It was reviewed carefully and discussed
in details in meetings and on the mail list by a large number of participants.
The resulting work reflects a solid consensus.
Document Quality
The draft describes use cases and is informational, so it has not been
implemented, but does demonstrate consensus of the working group
of which, many have plans to implement.
There is a sound interest in SACM, and this is the first WG document. The reviews
and discussions were solid and in depth. Using some kind of formal language
was considered but eventually the WG had strong consensus for the current
(plain English) ways of expressing the use cases. Subsequent drafts in SACM
reference this use case draft, including the requirements and architecture drafts.
Personnel
Dan Romascanu is the document shepherd.
Kathleen Moriarty is the responsible AD.