Presentation is loading. Please wait.

Presentation is loading. Please wait.

Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire

Published byAudrey Walters Modified over 8 years ago

Similar presentations

Presentation on theme: "Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire"— Presentation transcript:

1 Asset Summary Reporting draft-davidson-sacm-asr-00 http://datatracker.ietf.org/doc/draft-davidson-sacm-asr/ David Waltermire (david.waltermire@nist.gov)david.waltermire@nist.gov Presenting for: Mark Davidson (mdavidson@mitre.org)

2 What is Asset Summary Reporting (ASR)? An XML-based data format that facilitates the exchange of summary information about one or more sets of assets. ASR is vendor neutral. It is flexible, and suited for a wide variety of reporting applications. ASR Goals: To describe summary information about one or more arbitrarily large and complex asset-related data sets in a standardized manner. To allow content producers the ability to choose an appropriate level of detail depending on their needs and data set size requirements. To reduce the complexity of producing and consuming summary result documents. This specification defines an asset as anything that has value to an organization including, but not limited to: Computing devices Networks People Organizational units

3 What information does it capture? Data source – Identifies the asset pool from which the report is generated – Can use Asset Identification (draft-montville-sacm-asset-identification-00) to identify assets Record set – A collection of 1 or more records to report – An ASR record set may span multiple pages when necessary Reduces risk of resending a large, single report Reduces memory load of creating large, single reports Record set type – A description of how to construct a record set – May reference a record set type definition Namespace Qualified Attributes – Semantically well-defined attributes associated with a record – Controlled vocabulary approach – Specific data types (e.g. counts of assets, identifer types, report findings)

4 How does it relate to the IETF? Security Automation and Continuous Monitoring (SACM) Use Case 1: System State Assessment (draft- waltermire-sacm-use-cases-02) Asset Management (4.1.1) – Can provide a common vocabulary to support the exchange of asset details Content Management (4.1.4) – Record Set Type definitions are another type of content that may be exchanged Provides machine-interpretable guidance that may support report generation Used to validate reporting data

5 How does it relate to the IETF? (Cont’d) Security Automation and Continuous Monitoring (SACM) Use Case 2: Enforcement of Acceptable State (draft-waltermire-sacm-use-cases-02) Assessment Query and Transport (4.2.1) – Exchange of assessment results – Use within NEA-related protocols to provide transport?

6 How does it relate to the IETF? (Cont’d) Security Automation and Continuous Monitoring (SACM) Use Case 3: Security Control Verification and Monitoring (draft-waltermire-sacm-use-cases- 02) Data Aggregation and Reporting (4.3.2) – Supports the definition and exchange of aggregate reports – Enables aggregation of by asset characteristics, assessment identifiers and characteristics, control identifiers, checklist identifiers, product ids or classes

7 How does it relate to the IETF? (Cont’d) Managed Incident Lightweight Exchange (MILE WG) IODEF-extension to support structured cybersecurity information (draft-ietf-mile-sci-05) Capable of representing observed information pertaining to various extended classes (e.g. platform, vulnerability) Possible candidate for inclusion in the IANA registry (Appendix II)

8 Possible work / How you can help? Develop greater consensus around reporting use cases for ASR Develop an IANA registry for Namespace Qualified Attributes – Provides future extensibility to additional reporting use cases Develop an IANA registry referencing definitions for common record set types Integrate/extend into protocols where applicable (e.g. SACM, NEA, MILE) JSON vs. XML

9 EXAMPLES

10 Current ASR Data Model

11 Example – Record Set <asr:summary-report xmlns:ex="com.example" xmlns:asr="http://scap.nist.gov/schema/asset-summary-reporting/1.0" xmlns:asr-attr=“http://scap.nist.gov/schema/asset-summary-reporting/1.0/attr” page-number="1" last-page="true" report-id="d1e1"> <asr:record-set id="asr:com.example:rset:1" data-source-ref="asr:com.example:dsrc:1" record-set-type="ex:cve-report-small"> <asr:record asr-attr:cve-id="CVE-2011-2013“ asr-attr:inventory-finding="EXISTS“ asr-attr:count="50"/> <asr:record asr-attr:cve-id="CVE-2011-2013“ asr-attr:inventory-finding="NOT_EXISTS" asr-attr:count="170"/> <asr:record asr-attr:cve-id="CVE-2011-2013" asr-attr:inventory-finding="NOT_APPLICABLE" asr-attr:count="30"/> <asr:data-source id="asr:com.example:dsrc:1" resource="VulnDb.abc.com" population-size="250"/>

12 Example – Data Source Using Asset Identification <asr:summary-report xmlns:ex="com.example“... <asr:data-source id="asr:com.example:dsrc:1" resource="VulnDb.example.com“ population-size="250"> cpe:2.3:o:microsoft:windows_7:-:-:x64:*:*:*:*:* asset1.example.com cpe:2.3:o:microsoft:windows_7:-:-:x86:*:*:*:*:* asset2.example.com...

13 Example – Record Set Type Record Set Type Name: {com.example}cve-report-small Description: To report on the number of computers affected by a CVE. Attributes – asr-attr:cve-id – MUST include. This is the CVE ID being reported on. Type: XML schema “string”. – asr-attr:inventory-finding – MUST include. This is a status of the CVE for each asset in the count. Value must be one of “EXISTS”, “NOT_EXISTS”, “NOT_APPLICABLE”, “NOT_REPORTED”, “ERROR”, or “UNKNOWN”. Type: XML schema “string”. – asr-attr:count – MUST include. Asset list is associated with this attribute. This count is the number of assets with the CVE related to the asset via the inventory-finding. Type: XML schema nonNegativeInteger. Permit attributes not explicitly described here: no Require asset list: not permitted Require identifier list: not permitted 13

Download ppt "Asset Summary Reporting draft-davidson-sacm-asr-00 David Waltermire"

Similar presentations

February 2001 1 Harvesting RDF metadata Building digital library portals with harvested metadata workshop EU-DL All Projects concertation meeting DELOS.

February Harvesting RDF metadata Building digital library portals with harvested metadata workshop EU-DL All Projects concertation meeting DELOS.
Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech

Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech
1 Web Data Management XML Schema. 2 In this lecture XML Schemas Elements v. Types Regular expressions Expressive power Resources W3C Draft: www.w3.org/TR/2001/REC-xmlschema-1-20010502.

1 Web Data Management XML Schema. 2 In this lecture XML Schemas Elements v. Types Regular expressions Expressive power Resources W3C Draft:
Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.

Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.
Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.

Managed Incident Lightweight Exchange (MILE) Overview and Participation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office.
Auditing Concepts.

Auditing Concepts.
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
Mark Evans, Tessella Digital Preservation Boot Camp – PASIG meeting, Washington DC, 22 nd May 2013 PREMIS Practical Strategies For Preservation Metadata.

Mark Evans, Tessella Digital Preservation Boot Camp – PASIG meeting, Washington DC, 22 nd May 2013 PREMIS Practical Strategies For Preservation Metadata.
1 Introduction to XML. XML eXtensible implies that users define tag content Markup implies it is a coded document Language implies it is a metalanguage.

1 Introduction to XML. XML eXtensible implies that users define tag content Markup implies it is a coded document Language implies it is a metalanguage.
1 Introduction to SOA. 2 The Service-Oriented Enterprise eXtensible Markup Language (XML) Web services XML-based technologies for messaging, service description,

1 Introduction to SOA. 2 The Service-Oriented Enterprise eXtensible Markup Language (XML) Web services XML-based technologies for messaging, service description,
Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Network Management Overview IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.

Requirements for Format for INcident data Exchange (FINE) draft-ietf-inch-requirements-00.txt INCH WG, IETF56 March 19, 2003 Yuri Demchenko Glenn Mansfield.
Understanding Networked Applications: A First Course Chapter 15 by David G. Messerschmitt.

Understanding Networked Applications: A First Course Chapter 15 by David G. Messerschmitt.
DCS Architecture Bob Krzaczek. Key Design Requirement Distilled from the DCS Mission statement and the results of the Conceptual Design Review (June 1999):

DCS Architecture Bob Krzaczek. Key Design Requirement Distilled from the DCS Mission statement and the results of the Conceptual Design Review (June 1999):
Web Services By Ethan Justin Yuli. Web Services in Action Information through Integration (Google Example)Google Example www.Maps.Google.Com What do Web.

Web Services By Ethan Justin Yuli. Web Services in Action Information through Integration (Google Example)Google Example What do Web.
The Semantic Web – WEEK 3: XML Schema Tutorial/Practical: Exercises using the Suns Today’s lecture will include material relevant to Advanced DBs and Language.

The Semantic Web – WEEK 3: XML Schema Tutorial/Practical: Exercises using the Suns Today’s lecture will include material relevant to Advanced DBs and Language.
The RDF meta model: a closer look Basic ideas of the RDF Resource instance descriptions in the RDF format Application-specific RDF schemas Limitations.

The RDF meta model: a closer look Basic ideas of the RDF Resource instance descriptions in the RDF format Application-specific RDF schemas Limitations.
Web Services Michael Smith Alex Feldman. What is a Web Service? A Web service is a message-oriented software system designed to support inter-operable.

Web Services Michael Smith Alex Feldman. What is a Web Service? A Web service is a message-oriented software system designed to support inter-operable.
A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.

A Use Case for SAML Extensibility Ashish Patel, France Telecom Paul Madsen, NTT.
Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00

Automated XML Content Data Exchange and Management draft-waltermire-content-repository-00

Similar presentations

Ads by Google