ATIS Liaison Pre-letter Ballot Review Security Management System (TMOC Issue 56)

1. Chris Lonvick <clonvick@cisco.com> Joe Salowey <jsalowey@cisco.com> Personal Liaisons to the TMOC Chair ATIS LiaisonPre-letter Ballot ReviewSecurity Management System(TMOC Issue 56)

2. To: TISPAN WG 8 3GPP2 TSG-S WG5 IETF O&M Area Directors OpSec WG Chairs ITU-T Rapporteurs SG4 Q18 Chair DSL Forum TR45 OIF MPLS Forum MEF Liaison Request from ATIS/TMOC • From: TMOC - Telecom Management and Operations Committee, Formerly T1M1 OAM&P Committee, a committee of ATIS – Alliance for Telecommunications Industry Solutions.

3. Liaison Request from ATIS/TMOC • The purpose of this correspondence is to inform you that the TMOC (Telecom Management and Operations Committee, Formerly T1M1 OAM&P Committee) has entered the pre Letter Ballot review phase for TMOC Issue 56, Security Management System Standard. This is a follow up notice to the TMOC correspondence entitled Announcement of New Standards Work: Security Management System (TMOC Issue 56), document number T1M1/2003-207, transmitted on Aug 19, 2004. • The latest baseline document is attached for your review. Comments would be greatly appreciated before March 24, 2005. Please send your comments directly to me.

4. The Liaison Statement • TMOC-AIP 2005-005r3 formerly T1M1.5/2003-112R4 • Received and is on the IETF/IAB Liaison Statement page: • http://www.ietf.org/IESG/LIAISON/file92.pdf

5. Outline of the Document • SCOPE • REFERENCES • GLOSSARY • SECURITY MANAGEMENT SYSTEM CONCEPTS • TELCOM NETWORK ARCHITECTURE OVERVIEW • SECURITY MANAGEMENT SYSTEM FUNCTIONAL REQUIREMENTS • APPENDIX I SEMANTICS OF TERMS USED IN THIS DOCUMENT • APPENDIX II DETAIL RELATIONSHIP OF SECURITY MANAGEMENT CONCEPTS TO ISO 7498-2

6. Already Noted • References are outdated.

7. Points of Interest • Section 4 - “The Security Management System described in this document is primarily a manager of security concepts intended to mechanize the application of various security and security management tools. Because it in essence supports these tools, it is considered an Operations Support System for Security Management. Thus the title Security Management Operational Support System (SM-OSS).”

8. Points of Interest • Section 4.1 - Security Management Concepts Relationship to ISO 7498-2 • Section 4.2 - Security Management Concepts Relationship to X.805 • Section 4.3 - Security Management Concepts Relationship to T1-276-2003

9. Points of Interest • Section 5 - “At the highest level of abstraction, a TSP's system infrastructure has four major functional areas:” • Transport • Application • Management • Application Environment • Operating Systems of management server (end) nodes, client (end) nodes and managed element nodes. • File systems of management server (end) nodes, client (end) nodes and managed element nodes. • The hardware components of management server (end) nodes, client (end) nodes and managed element nodes.

10. Points of Interest • Section 5 – Requirements and Services are from M.3016.

11. Points of Interest • Section 5 – Requirements SEC-1 through SEC-9 • SEC-1: The TSP Infrastructure SHALL support capabilities to establish and verify the claimed identity of any subject interacting with, or within, the TSP Infrastructure. • SEC-3: The TSP Infrastructure SHALL support the capability to keep stored and communicated data confidential. • SEC-8: The TSP Infrastructure SHALL support the capability to analyze and exploit logged data on security relevant events in order to check for violations of system and network security.

12. Points of Interest • Section 6 – Requirements SEC-11 through SEC-63 • SEC-11: The interface SHALL use https (a secure web based interface) with XML and XSL. • SEC-12: The user interface SHALL work with all of the popular web browsers. • SEC-13: The user interface SHALL be able to execute all functions within the OSS application. • SEC-14: There are no functions that must be performed via another method, such as a command line interface. An Architecture for Security Management T1M1.5/2003-112 • SEC-15: This interface module SHALL communicate with the subsystems and other interface modules through the use of a non-proprie tary method, such as CORBA, DCE, Sockets/XML, etc.

13. Points of Interest • Section 6 – Requirements SEC-11 through SEC-63 • SEC-60: The interface module will communicate with the subsystems and other interface modules through the use of a non-proprietary method, such as CORBA, DCE, Sockets/XML, etc. • SEC-61: The Interface Module SHALL setup the authentication request to the managed network element and authenticate itself prior to the execution of the commands. • SEC-62: The OSS application SHALL have a supported API so that vendors of managed network elements may supply their own interface modules. • SEC-63: The vendor of the OSS application SHALL provide an API so that managed network element vendors can produce an interface module for their product.

14. Liaison Response • Please send your comments on the document to Joe and Chris. • Please include notes on the following: • The document {SHOULD | SHOULD NOT} become an ANSI Standard, and your reasons for your conclusion. • Specific comments that can be given to TMOC to make the document better. • Joe and Chris will consolidate the comments and give them to TMOC as a Liaison Contribution after review by the WG Chairs and Area Directors.