Operational Security Requirements BOF (opsec)

Thursday, July 17 at 1300-1500
===============================

CHAIR:  George M. Jones <[email protected]>

AGENDA:

* Welcome and discussion of agenda (Jones, 10 min)
* History and Current Status (Jones, 10 min)
* Goals (Jones, 10 minutes)
* Related Work/Relationships (Jones, et al., 10 min)
* Overview of draft (Jones, 30 minutes)
* Discuss Contents of the draft (all, 30 minutes)
* Define Next Steps, Work Areas, Milestones (Jones, et al., 10 minutes)
* Adjourn


Mailing Lists:
 General Discussion: [email protected]
 To Subscribe: [email protected], "subscribe opsec" in body.
 Archive: http://ops.ietf.org/lists/opsec/


Purpose:


  The primary purposes of this BOF are to


     1. Discuss the draft


     2. To determine appropriate next steps.


  From the draft:


  This document defines a list of security requirements for devices
  that implement the Internet Protocol (IP).  These requirements apply
  to devices that makeup the network core infrastructure (such as
  routers and switches) as well other devices that implement IP (e.g.,
  cable modems, personal firewalls,hosts). A framework is defined for
  specifying "profiles", which are collections of devices applicable to


  certain classes of devices. The goal is to provide consumers of
  network equipment a clear, concise way of communicating their
  security requirements to vendors of such equipment.


Current Status:


 The initial draft has been published.   Comments are being solicited,
 both online and via a BOF.  The intent is to go through one to three
 rounds as an Internet Draft and then re-evaluate the proper course
 of action.  Some possibilities include:


   * Proceed towards a single individual submission informational RFC
   * Split into several drafts (BCP vs. non-BCP, functional vs.
     assurance, etc.)
   * Collaborate with ANSI on updates to T1.276-200x
   * Form a working group


 Some of the work that needs to get done includes:


   * Breaking down compound requirements (global)
   * Creating "profiles" of requirements appropriate to
     different classes of devices (Edge, Core, Wireless, SOHO...)

Background Information:

 See http://www.port111.com/opsec/ for the latest rev, a list
 of meta issues, to-dos, etc.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.