[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vulnerability Discussion at IETF 94 Next Week

The Internet Engineering Task Force (IETF) has a Security Automation and Continuous Monitoring (SACM) working group which is chartered to develop standardized protocols and data formats to support automated assessment of networked computing devices. The standards to be produced by this working group are intended to support standardized assessment capabilities as part of an organization’s typical management infrastructure. These assessment capabilities are intended to support vulnerability, configuration, and software inventory management use cases. DHS, NSA, and NIST have been working with MITRE to develop an IETF Internet Draft that explores vulnerability management in the context of the SACM work.

 

Here is the link to this draft:

 

https://datatracker.ietf.org/doc/draft-coffin-sacm-vuln-scenario/

 

We believe that exploring a use case targeted at automated enterprise vulnerability assessment will help the working group in developing standard protocols and data formats that are targeted to real enterprise needs and ensure much needed interoperability between vulnerability data sources and products. There will be a discussion of this draft at the IETF 94 meeting in Japan next week.

 

Meeting details (also attached):

 

Date/Time: Wednesday, November 4th, 2015 @ 7pm EST

Meeting Venue: https://www.ietf.org/meeting/94/index.html

SACM Agenda: https://www.ietf.org/proceedings/94/agenda/agenda-94-sacm

Remote Participation: Join Meetecho Session

Audio Streaming: http://ietf94streaming.dnsalias.net/ietf/ietf946.m3u

 

As key  members of the vulnerability community we hope you can attend this meeting either in-person or remotely to help encourage the working group to consider working on an end-to-end set of standards that will support automated vulnerability assessment by enterprises in addition to other assessment use cases. We think that this work would add value to the CVE, SCAP, and related efforts.

 

Please let us know if you have any questions.

 

Sincerely,

Dave

 

David Waltermire

Information Technology Laboratory | Computer Security Division

National Institute of Standards and Technology

 

BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 15.0 MIMEDIR//EN
VERSION:2.0
METHOD:PUBLISH
X-MS-OLK-FORCEINSPECTOROPEN:TRUE
BEGIN:VTIMEZONE
TZID:Asia/Tokyo
BEGIN:STANDARD
DTSTART:16010101T000000
TZOFFSETFROM:+0900
TZOFFSETTO:+0900
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CLASS:PUBLIC
CREATED:20151029T153931Z
DESCRIPTION:Agenda: https://www.ietf.org/proceedings/94/agenda/agenda-94-sa
	cm\nRemote Participation: Join Meetecho Session <http://www.meetecho.com/i
	etf94/sacm_II> \nAudio Streaming: http://ietf94streaming.dnsalias.net/ietf
	/ietf946.m3u\n\n
DTEND;TZID=Asia/Tokyo:20151105T113000
DTSTAMP:20150922T101305Z
DTSTART;TZID=Asia/Tokyo:20151105T090000
LAST-MODIFIED:20151029T153931Z
LOCATION:Room 413
PRIORITY:5
SEQUENCE:0
SUMMARY;LANGUAGE=en-us:sacm - Security Automation and Continuous Monitoring
TRANSP:OPAQUE
UID:ietf-94-6823
X-ALT-DESC;FMTTYPE=text/html:<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//E
	N">\n<HTML>\n<HEAD>\n<META NAME="Generator" CONTENT="MS Exchange Server ve
	rsion rmj.rmm.rup.rpr">\n<TITLE></TITLE>\n</HEAD>\n<BODY>\n<!-- Converted 
	from text/rtf format -->\n\n<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Cali
	bri">Agenda:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="https://www.
	ietf.org/proceedings/94/agenda/agenda-94-sacm"><SPAN LANG="en-us"></SPAN><
	SPAN LANG="en-us"></SPAN><SPAN LANG="en-us"><U><FONT COLOR="#0563C1" SIZE=
	2 FACE="Arial">https://www.ietf.org/proceedings/94/agenda/agenda-94-sacm</
	FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN LANG="en-us"></SPAN></
	P>\n\n<P DIR=LTR><SPAN LANG="en-us"><FONT FACE="Calibri">Remote Participat
	ion:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HREF="http://www.meetecho.
	com/ietf94/sacm_II"><SPAN LANG="en-us"><U><FONT COLOR="#0563C1" FACE="Cali
	bri">Join Meetecho Session</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A>
	<SPAN LANG="en-us"></SPAN></P>\n\n<P DIR=LTR><SPAN LANG="en-us"><FONT FACE
	="Calibri">Audio Streaming:</FONT></SPAN><SPAN LANG="en-us"> </SPAN><A HRE
	F="http://ietf94streaming.dnsalias.net/ietf/ietf946.m3u"><SPAN LANG="en-us
	"><U><FONT COLOR="#0563C1" FACE="Calibri">http://ietf94streaming.dnsalias.
	net/ietf/ietf946.m3u</FONT></U></SPAN><SPAN LANG="en-us"></SPAN></A><SPAN 
	LANG="en-us"></SPAN></P>\n\n<P DIR=LTR><SPAN LANG="en-us"></SPAN></P>\n\n<
	/BODY>\n</HTML>
X-MICROSOFT-CDO-BUSYSTATUS:TENTATIVE
X-MICROSOFT-CDO-IMPORTANCE:1
END:VEVENT
END:VCALENDAR
Page Last Updated or Reviewed: November 10, 2015