Security Automation and Continuous Monitoring (SACM) Requirements
RFC 8248
Document type: RFC - Informational (September 2017; No errata)
Authors: Nancy Cam-Winget, Lisa Lorenzin
Last updated: 2017-09-21
Stream: IETF
WG state: Submitted to IESG for Publication
Document shepherd: Karen O'Donoghue
Shepherd write-up: last changed 2017-05-07
IESG state: RFC 8248 (Informational)
Consensus boilerplate: Yes
Responsible AD: Kathleen Moriarty
Send notices to: "Karen O'Donoghue" <odonoghue@isoc.org>
IANA review state: Version Changed - Review Needed
IANA action state: No IANA Actions
Internet Engineering Task Force (IETF)                    N. Cam-Winget
Request for Comments: 8248                                Cisco Systems
Category: Informational                                     L. Lorenzin
ISSN: 2070-1721                                            Pulse Secure
                                                         September 2017
Security Automation and Continuous Monitoring (SACM) Requirements
Abstract
This document defines the scope and set of requirements for the
Security Automation and Continuous Monitoring (SACM) architecture,
data model, and transfer protocols. The requirements and scope are
based on the agreed-upon use cases described in RFC 7632.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8248.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Cam-Winget & Lorenzin Informational [Page 1]
RFC 8248 SACM Requirements September 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Requirements for SACM . . . . . . . . . . . . . . . . . . 4
2.2. Requirements for the Architecture . . . . . . . . . . . . 7
2.3. Requirements for the Information Model . . . . . . . . . 9
2.4. Requirements for the Data Model . . . . . . . . . . . . . 10
2.5. Requirements for Data Model Operations . . . . . . . . . 12
2.6. Requirements for SACM Transfer Protocols . . . . . . . . 14
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15
4. Security Considerations . . . . . . . . . . . . . . . . . . . 15
4.1. Trust between Provider and Requestor . . . . . . . . . . 16
4.2. Privacy Considerations . . . . . . . . . . . . . . . . . 17
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 18
5.1. Normative References . . . . . . . . . . . . . . . . . . 18
5.2. Informative References . . . . . . . . . . . . . . . . . 18
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction
Today's environment of rapidly evolving security threats highlights
the need to automate the sharing of security information (such as
posture information) while protecting user information and the
systems that store, process, and transmit this information. Security
threats can be detected in a number of ways. The Security Automation
and Continuous Monitoring (SACM) charter focuses on how to collect
and share this information based on use cases that involve posture
assessment of endpoints.
Scalable and sustainable collection, expression, and evaluation of
endpoint information is foundational to SACM's objectives. To secure
and defend a network, one must reliably determine what devices are on
the network, how those devices are configured from a hardware
perspective, what software products are installed on those devices,
and how those products are configured. We need to be able to
determine, share, and use this information in a secure, timely,
consistent, and automated manner to perform endpoint posture
assessments.
This document focuses on describing the requirements for facilitating
the exchange of posture assessment information in the enterprise, in
particular, for the use cases as exemplified in [RFC7632].