Security Automation and Continuous Monitoring (SACM) Requirements
RFC 8248
| Field | Value |
|---|---|
| Type | RFC - Informational (September 2017; No errata) |
| Authors | Nancy Cam-Winget, Lisa Lorenzin |
| Last updated | 2017-09-21 |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized, bibtex |
| WG state | Submitted to IESG for Publication |
| Document shepherd | Karen O'Donoghue |
| Shepherd write-up | last changed 2017-05-07 |
| IESG state | RFC 8248 (Informational) |
| Action Holders | (None) |
| Consensus Boilerplate | Yes |
| Responsible AD | Kathleen Moriarty |
| Send notices to | "Karen O'Donoghue" <odonoghue@isoc.org> |
| IANA review state | Version Changed - Review Needed |
| IANA action state | No IANA Actions |
Internet Engineering Task Force (IETF)                     N. Cam-Winget
Request for Comments: 8248                                 Cisco Systems
Category: Informational                                      L. Lorenzin
ISSN: 2070-1721                                             Pulse Secure
                                                          September 2017

     Security Automation and Continuous Monitoring (SACM) Requirements

Abstract

   This document defines the scope and set of requirements for the
   Security Automation and Continuous Monitoring (SACM) architecture,
   data model, and transfer protocols. The requirements and scope are
   based on the agreed-upon use cases described in RFC 7632.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF). It represents the consensus of the IETF community. It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG). Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8248.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document. Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Cam-Winget & Lorenzin         Informational                     [Page 1]

RFC 8248                   SACM Requirements              September 2017

Table of Contents

   1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
     1.1. Requirements Language . . . . . . . . . . . . . . . . . . .  3
   2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.1. Requirements for SACM . . . . . . . . . . . . . . . . . . .  4
     2.2. Requirements for the Architecture . . . . . . . . . . . . .  7
     2.3. Requirements for the Information Model . . . . . . . . . .  9
     2.4. Requirements for the Data Model . . . . . . . . . . . . . . 10
     2.5. Requirements for Data Model Operations . . . . . . . . . . 12
     2.6. Requirements for SACM Transfer Protocols . . . . . . . . . 14
   3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 15
   4. Security Considerations . . . . . . . . . . . . . . . . . . . . 15
     4.1. Trust between Provider and Requestor . . . . . . . . . . . 16
     4.2. Privacy Considerations . . . . . . . . . . . . . . . . . . 17
   5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 18
     5.1. Normative References . . . . . . . . . . . . . . . . . . . 18
     5.2. Informative References . . . . . . . . . . . . . . . . . . 18
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 19

1. Introduction

   Today's environment of rapidly evolving security threats highlights
   the need to automate the sharing of security information (such as
   posture information) while protecting user information and the
   systems that store, process, and transmit this information. Security
   threats can be detected in a number of ways. The Security Automation
   and Continuous Monitoring (SACM) charter focuses on how to collect
   and share this information based on use cases that involve posture
   assessment of endpoints.

   Scalable and sustainable collection, expression, and evaluation of
   endpoint information is foundational to SACM's objectives.

   To secure and defend a network, one must reliably determine what
   devices are on the network, how those devices are configured from a
   hardware perspective, what software products are installed on those
   devices, and how those products are configured. We need to be able
   to determine, share, and use this information in a secure, timely,
   consistent, and automated manner to perform endpoint posture
   assessments.

   This document focuses on describing the requirements for
   facilitating the exchange of posture assessment information in the
   enterprise, in particular, for the use cases as exemplified in
   [RFC7632].