OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Secu

 View Only
Back to discussions
Expand all | Collapse all

Comments on Playbook Requirements

  • 1.  Comments on Playbook Requirements

    Posted 03-18-2020 11:44




    I apologize that I have let my voting rights lapse. If I could have voted, I would have voted yes with comments. My comments are:
    In section 2.2, Interop 2, Extensions: I propose changing â Support vendor-specific extensions â
    to â Support industry-specific, enterprise-specific, and vendor-specific extensions â. My logic is the previous bullet says â Support
    deployment and use within an enterprise consisting of different vendors. Allow sharing of playbooks between enterprises with different environments, solutions, and vendors â. I agree vendors will want to specify how to meet
    generic needs with their specific technology (the original wording) but I think that users might also need similar customizations (enterprise-specific) and that the ISACs/ISAOs might similarly also need customizations (industry-specific).
    In section 2.10, Sec.2, Transport: â All requests and responses must be conveyed over a secure (encrypted and authenticated) transport protocol
    such as HTTPS (but not limited). â â I think there are more cases than specified and not all cases in all situations have same the requirements.


    Case 1: the playbook executor and device doing the action â I agree mutual authentication is required. I think non-repudiation is also required. I donât agree that confidentiality
    (ie encrypted channel) is required in all cases. I believe  there are cases in IoT where confidentiality is not required on the content (eg mass update to new software version) as long as integrity in maintained, and the cost of full encryption (in either
    processing or delay) would be higher than justified. Iâm thinking in particular of cases where SPA (single packet authentication) is used. Case 2: playbook creator to playbook executor â I agree authentication of creator is required but not necessarily mutual authentication. I believe there would be cases where playbooks
    could be âpublicâ for anyone to view. I think non-repudiation of creator would always be required. And confidentiality (eg full encryption) would be unnecessary in some cases (eg âpublicâ), and required in others.

    Duncan Sparrell
    sFractal Consulting LLC
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /

     
     

    From: <cacao@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>
    Date: Tuesday, March 17, 2020 at 7:35 PM
    To: "cacao@lists.oasis-open.org" <cacao@lists.oasis-open.org>
    Subject: Re: [cacao] Groups - Ballots opened: 2


     

    As mentioned on the working call today, the Requirements and Terminology documents have been posted for ballot approval.
     
    Both documents are committee notes and are stakes in the ground on what our specifications will deliver on.
     
    The minutes from the call including the slides will be posted shortly if not already done.
     
    For anyone not on the call today we would highly encourage you review the slides as we will be delivering a draft specification at the next working call.
     
    Allan
     

    From: <workgroup_mailer@lists.oasis-open.org> on behalf of "tc_admin@oasis-open.org" <tc_admin@oasis-open.org>
    Date: Tuesday, March 17, 2020 at 3:09 PM
    To: Allan Thomson <athomson@lookingglasscyber.com>
    Subject: [cacao] Groups - Ballots opened: 2


     





    THIS EMAIL ORIGINATES FROM OUTSIDE OF LOOKINGGLAS S





    "Approval of Playbook Requirements Version 1.0 WD 02 as Committee Note Draft 01" has opened.




    Ballot Title :

    Approval of Playbook Requirements Version 1.0 WD 02 as Committee Note Draft 01








    Question
    Do you approve the Playbook Requirements Version 1.0 WD 02 as Committee Note Draft 01?


    Closing Date : Wednesday, 1 April 2020 @ 10:00 pm EDT

    Description
    Do you approve Playbook Requirements Version 1.0 WD 02 and all associated artifacts packaged together in the release listed below as a Committee Note Draft and designate the MS Word version of the document as authoritative?



    WD02 Release: https://www.oasis-open.org/committees/document.php?document_id=66717&wg_abbrev=cacao



    This document defines the core requirements for how cyber security playbooks can be created, documented, and shared in a structured and standardized way across organizational boundaries and technological solutions.


    Vote


    Yes
    No
    Abstain







    Group : OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC
    Date Opened : Tuesday, 17 March 2020 @ 6:00 pm EDT





    "Approval for Playbook Terminology Version 1.0 WD 01 as a Committee Note Draft 01" has opened.




    Ballot Title :

    Approval for Playbook Terminology Version 1.0 WD 01 as a Committee Note Draft 01








    Question
    Do you approve Playbook Terminology Version 1.0 WD 01 and all associated artifacts as a Committee Note Draft 01?


    Closing Date : Wednesday, 1 April 2020 @ 10:00 pm EDT

    Description
    Do you approve Playbook Terminology Version 1.0 WD 01 and all associated artifacts packaged together in the release listed below as a Committee Note Draft and designate the MS Word version of the document as authoritative?



    WD01 Release: https://www.oasis-open.org/committees/document.php?document_id=66718&wg_abbrev=cacao



    This document defines the terminology for cyber security playbooks.

    Vote


    Yes
    No
    Abstain







    Group : OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security TC
    Date Opened : Tuesday, 17 March 2020 @ 6:00 pm EDT




     







Related Content