Attending: Stephen Banghart (NIST), Bill Munyan (CIS), Dave Kemp (DOD), Dan Haynes (MITRE), David Solin (Joval), Masato Terada (Hitachi), Danny Martinez (HII-TSD), Charles Schmidt (MITRE)
Revised SCAP v2 Architecture
- Charles summarized the changes as mostly minor edits and clarifications. He did alter the message archiving assessment instructions into a more general data storage message that only stores data (rather than the previous process that stored data but also sometimes queried the archive for relevant results). He expanded on the use cases that Query needs to support now that the Repository just gets straightforward Store and Query messages. He also revised the processing procedures to reflect this change.
- Danny M. asked if the prototype was including OpenC2 yet. Charles said it was not yet doing so since many parameters have yet to be determined.
Prototype Development
- Danny reported that Collectors and PCXs now send assessment results directly to the Repository rather than to the Manager. As a result, Collector-Manager interaction is now just an event from the Manager with the assessment instructions rather than a query-response.
- Danny reported that he is using OpenDXL for communications with PCEs. Normally the interface with PCEs is beyond the scope of the SCAP message fabric and beyond the scope of SCAP standardization, so this is being done just to simplify development.
- Danny added capabilities where PCEs register to Collectors or PCXs and then Collectors pass the associated endpoint and PCE identifier to the Repository.
o David S. raised a concern about the PCE information going into the Repository, noting that this information shouldn't be necessary for the Manager. Charles responded that PCE information was not necessary for the Manager and that the Manager just gathered targets and Collectors, while the Collectors tracked their PCEs themselves. However, Charles argued that it could be useful for the Repository to store PCE information so that users could determine what PCEs were deployed and in use.
o Charles also noted that it might not actually be the case that PCEs register themselves. Instead, the Collector might have its own way of determining what PCEs and associated endpoints it can assess, and in this case the registration information sent to the Repository might be entirely generated by the Collector.
- David K. noted that the architecture slides continue to use inconsistent naming of messages. He recommended reading the link he sent to Visual Paradigm as a good guide to creating data models.
OCA Status
- Charles reported that the SCAP prototype was accepted as an OCA project. The group is working through some administrative details. There will be a meeting with OCA on Friday.
Virtual SCAP V2 Workshop
- Charles reported that there will be a virtual SCAP v2 workshop at the end of September/beginning of October. A save-the-date will be coming out shortly.
- The group will have 2 hours in which to share information and get feedback from the broader SCAP community. The data collection sub-group should decide what we should talk about.
o Stephen suggested that an update on engagement with OCA should be given. Charles agreed to put something together.
o Jessica requested that Danny provide a demo of the architecture tool.
o It was agreed that there should be a briefing on the state of the SCAP v2 architecture design.
- Members of the group were asked to think about other topics that should be raised.
=== ACTION ITEMS
Charles/Danny – Address representation issues in the slides associated with the prototype.
Everyone – Think about topics to discuss at the face-to-face.