G and R for Security Incident Processing (grip)
Last Modified: 28-Jan-99
Chair(s):
Barbara Fraser <byf@cert.org>K.-P. Kossakowski <klaus-peter@kossakowski.de>
Operations and Management Area Director(s):
Harald Alvestrand <Harald.Alvestrand@maxware.no>Bert Wijnen <wijnen@vnet.ibm.com>
Operations and Management Area Advisor:
Harald Alvestrand <Harald.Alvestrand@maxware.no>Mailing Lists:
General Discussion:<grip-wg@uu.net>To Subscribe: <grip-wg-request@uu.net>
Archive: http://www-ext.eng.uu.net/grip-wg/grip-wg.txt
Description of Working Group:
The full name of this working group is Guidelines and Recommendations for Security Incident Processing.This working group is co-chartered by the Security Area.
The purpose of the GRIP Working Group is to provide guidelines and recommendations to facilitate the consistent handling of security incidents in the Internet community. Guidelines will address technology vendors, network service providers and response teams in their roles assisting organizations in resolving security incidents. These relationships are functional and can exist within and across organizational boundaries.
The working group will produce a set of documents:
1) Guidelines for security incident response teams (IRT).
2) Guidelines for internet service providers (ISP) consisting of three documents covering the following topics:
- Expectations on how ISPs will coordinate with each other and IRTs in incident handling
- Consumer Checklist on ISPs
- Site Security Handbook (SSH) Addendum for ISPs
3) Guidelines for vendors (technology producers).
Goals and Milestones:
| March 98 | "Expectations for Security Incident Response" submitted to IESG | done |
| May 98 | "Expectations for Security Incident Response" accepted as Best Current Practice | done |
| June 98 | "Expectations for Security Incident Response" published as RFC 2350 | done |
| Februrary 99 | Split actual draft on ISPs (grip-isp-07) into three new drafts
reflecting the new outline and incorporate comments from December 98
meeting:
Release new versions of all for grip-isp-... drafts. |
|
| February 99 | Put all previous discussion results about the document for technology providers into a first draft. | |
| March 99 | Meet during the IETF. Discuss latest versions of all grip-isp-... documents. Discuss draft document for technology provider. |
|
| May 99 | Incorporate comments from April meeting into
the discussed versions of all grip-isp-...
documents as appropriate. Release all versions for WG last call. Second draft of technology provider document grip-tp-01. |
|
| June 99 | Submit all current drafts of the grip-isp-... documents to the IESG for consideration as Best Current Practice. | |
| July 99 | Second draft of technolgy provider document grip-tp-02. | |
| August 99 | Meeting during the IETF. Discuss latest version of grip-tp-... documents. |
|
| September 99 | Incorporate comments from August meeting into
the discussed version of the grip-tp-... document. Release versions for working group last call. |
|
| October 99 | Submit current draft of the grip-tp-... document to the IESG for consideration as Best Current Practice. |
Internet-Drafts:
Security Expectations for Internet Service Providers (60667 bytes)Request For Comments:
Expectations for Computer Security Incident Response (RFC 2350) (86545 bytes)IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.