A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : OVAL and the SACM Information Model
Authors : Matthew Hansbury
Daniel Haynes
Juan Gonzalez
Filename : draft-hansbury-sacm-oval-info-model-mapping-02.txt
Pages : 26
Date : 2016-03-07
Abstract:
The OVAL community has spent more than ten years developing and
employing the OVAL Language. During this time, the community has
made a number of design decisions and learned a number of lessons
that should be leveraged as the next-generation endpoint posture
assessment standards are formulated. There are also a number of
places where portions of the OVAL Language align with the SACM
Information Model and could serve as a starting point for related
work. Another output of the work executed under the OVAL project is
a number of lessons that are applicable to the SACM work. These
lessons include a clear separation of data collection and evaluation;
a call to focus on ensuring both primary source vendors and third
party security experts feel invited to the discussion and are
empowered to leverage their unique domain knowledge; and to strive
for simplicity and flexibility, where possible. In addition, the
OVAL community has a set of clear recommendations with respect to
which parts of OVAL should be used by SACM as a means to make best
use of the efforts of those that have worked on and supported OVAL
over the past ten years. Those recommendations are:
o Use the OVAL System Characteristics Model to inform the
development of a data model for representing endpoint posture
attributes.
o Use the OVAL Definitions Model to inform the development of data
models for representing evaluation and collection guidance.
o Do not use the OVAL Results Model to inform the development of a
data model for representing evaluation results.
Lastly, this document will discuss the OVAL submission, how it is
expected to be used, and how it aligns with the SACM Vulnerability
Assessment Scenario.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-hansbury-sacm-oval-info-model-mapping/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-hansbury-sacm-oval-info-model-mapping-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-hansbury-sacm-oval-info-model-mapping-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
