[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
-01 draft submitted, summary of changes
- To: opsec@ops.ietf.org
- Subject: -01 draft submitted, summary of changes
- From: George Jones <gmj@pobox.com>
- Date: Fri, 15 Aug 2003 12:25:27 -0400 (EDT)
- In-reply-to: <Pine.LNX.4.53.0308151218250.8367@mall.pulltheplug.com>
- References: <Pine.LNX.4.53.0308151218250.8367@mall.pulltheplug.com>
- Reply-to: gmj@pobox.com
On Fri, 15 Aug 2003, George Jones wrote:
The -01 draft has been submitted to the drafts editor and will
be up on the IETF servers as soon as they get around to processing.
In the meantime, you can get a copy from
http://www.port111.com/opsec/draft-jones-opsec-01.txt
Below is a summary of the changes.
RESTRUCTURING
The scope and other front-matter have been refined.
See earlier posting for details.
In the previous doc, requirements were grouped under
BCP, Non-standard and Advanced sections. They are
now grouped under Functional, Documentation, Assurance.
There has been a good deal of regrouping/reordering of
reqs...section/requiremnt numbers between -00 and -01
have little/no consistency.
REMOVED
The following requirements that were in -00 have been removed.
Ability To Stealth Device
Ability to Classify Events
Ability to Configure Security of Log Messages
Ability to Specify Logservers by Event Classification
Device Remains Manageable at All Times
Maintain Primary Function at All Times
ADDED
The following requirements have been added to -01
Enforce Selection of Strong Local Static Authentication Tokens (Passwords)
No Default Static Authentication Tokens (Passwords)
Static Authentication Tokens (Passwords) Must Be Configured
Restrict Management to Local Interfaces
Support Remote Configuration Restore
RENAMED
The following requirements changed names.
Ability to Disable Directed Broadcasts
=> Directed Broadcasts Disabled by Default
Packet Filtering Actions
=> Ability to Specify Filter Actions
UPDATED
The Profiles are more complete.
Numerous small changes within requirements.
Diffs can be (somewhat painfully) generated on request.
---George Jones