SACM Architecture Draft

Adam Montville

Aug 6, 2019, 3:31:58 PM
to scap-dev...@list.nist.gov, 'Banghart, Stephen A. (Fed)' via scap-dev-oval
All:

Apologies for the cross-post. We thought you might be potentially interested in reviewing our SACM architecture draft [1], which seems to overlap with some of the SCAP 2.0 efforts regarding endpoint data collection and possibly on the OVAL development side as well (if you feel this note also belongs on one or more of the other lists, let me know).

From the introduction of the draft:

The purpose of this draft is to define an architectural approach for [security automation and continuous monitoring].  This approach gains the most advantage by supporting a variety of collection systems, and intends to enable a cooperative ecosystem of tools from disparate sources with minimal operator configuration.

The scope of the architecture is, roughly, to enable the components in various security automation workflows to communicate without necessarily understanding the details of the communication - in other words, the information that is passed between various components is, from the architecture’s perspective, opaque. The draft covers relevant workflows and begins to define the components, interactions, and capabilities necessary for configuration management workflows.

Please take some time to review the draft and, if you’re willing, opine either here or directly on the SACM mailing list (preferred - see [2]).

Kind regards,

Adam
