[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

-01 draft submitted, summary of changes

On Fri, 15 Aug 2003, George Jones wrote:

The -01 draft has been submitted to the drafts editor and will
be up on the IETF servers as soon as they get around to processing.
In the meantime, you can get a copy from

  http://www.port111.com/opsec/draft-jones-opsec-01.txt

Below is a summary of the changes.

RESTRUCTURING
  The scope and other front-matter have been refined.
  See earlier posting for details.

  In the previous doc, requirements were grouped under
  BCP, Non-standard and Advanced sections.  They are
  now grouped under  Functional, Documentation, Assurance.

  There has been a good deal of regrouping/reordering of
  reqs...section/requiremnt numbers between -00 and -01
  have little/no consistency.


REMOVED

  The following requirements that were in -00 have been removed.

  Ability To Stealth Device
  Ability to Classify Events
  Ability to Configure Security of Log Messages
  Ability to Specify Logservers by Event Classification
  Device Remains Manageable at All Times
  Maintain Primary Function at All Times


ADDED

  The following requirements have been added to -01

  Enforce Selection of Strong Local Static Authentication Tokens (Passwords)
  No Default Static Authentication Tokens (Passwords)
  Static Authentication Tokens (Passwords) Must Be Configured
  Restrict Management to Local Interfaces
  Support Remote Configuration Restore

RENAMED

  The following requirements changed names.

  Ability to Disable Directed Broadcasts
    => Directed Broadcasts Disabled by Default

  Packet Filtering Actions
    => Ability to Specify Filter Actions

UPDATED

  The Profiles are more complete.

  Numerous small changes within requirements.
  Diffs can be (somewhat painfully) generated on request.

---George Jones