Minutes from July 22 Telecon


Charles Schmidt

Jul 25, 2020, 5:53:59 PM
to scap-dev-endpoint
Hi all,

Below are my notes from the telecon on July 22. Comments and corrections are welcome.

Charles


---------------


Attending: Stephen Banghart (NIST), Jessica Fitzgerald-McKay (DOD), Bill Munyan (CIS), Adam Montville (CIS), Dave Kemp (DOD), Dan Haynes (MITRE), David Solin (Joval), Masato Terada (Hitachi)


The group discussed the engagement with the Open Cybersecurity Alliance

·         Charles had put together a project proposal for OCA. After some editing, Adam felt it was ready to submit to OCA.

·         Adam noted that OCA would likely have questions about the resources available to support the project. Charles noted that, at the moment, he doesn't have a good answer. Adam felt that this was ok and that it could lead to productive discussions with OCA.

·         There will be a project governance board meeting on July 30. Charles, Stephen, Jessica, and David all said they would be willing to participate. Adam will forward the invite.


The group discussed OpenC2 and the prototype work

·         Charles noted that there hasn't been too much progress on the prototype in recent weeks, but the next step will be to flesh out the portions of the prototype related to targeting.

·         Charles reported that there was a meeting with OpenC2 the previous week

o   OpenC2 has a prototype infrastructure they are working on. In that infrastructure, there is a box for "Collect SBOMs" and the implementation of this box had not been defined. The OpenC2 reps felt that SCAP could be the component that implemented this box and Charles had agreed.

o   OpenC2 involves a high-level command framework which is then extended with profiles for specific devices and actuators. The OpenC2 team had felt that it would make sense to create an SCAP profile that captured the details of commands needed by the SCAP architecture, but could do so within the broader OpenC2 framework. It was agreed that SCAP would need to develop more details about the commands and parameters it uses before such a profile could be developed.

o   David asked what integration with OpenC2 would buy SCAP. Jessica noted that OpenC2 has a larger codebase of prototypes and that integrating with them would allow SCAP to operate within those prototypes.

·         In conclusion, it was noted that the two efforts will keep in touch, but that SCAP needs to flesh out some technical details before there will be any action items related to integration.


The architecture document

·         Stephen asked if there were any comments on the architecture document posted June 10 (https://groups.google.com/a/list.nist.gov/forum/#!topic/scap-dev-endpoint/seOSuQDsVjM).

·         It was agreed that the group would review the document and provide comments via email by July 29.

·         If the group agrees on the architecture document as it is written now, the next step will be to begin a more technically detailed design based on the document.


========= ACTION ITEMS ==========

Adam – Send team members the invitation to attend the OCA project governance board call

Everyone – Review the architecture design document and provide feedback by June 29

 

