ITU-T X 1500 AMD 11-2017 Overview of cybersecurity information exchange Amendment 11 Revised structured cybersecurity information exchange techniques (Study Group 17).pdf

1、 I n t e r n a t i o n a l T e l e c o m m u n i c a t i o n U n i o n ITU-T X.1500 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU Amendment 11 (03/2017) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Overview of cybersecurity Overview of cyberse

2、curity information exchange Amendment 11: Revised structured cybersecurity information exchange techniques Recommendation ITU-T X.1500 (2011) Amendment 11 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION

3、X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY

4、General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protoco

5、ls X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquit

6、ous sensor network security X.1310X.1339 PKI related Recommendations X.1340X.1349 Internet of things (IoT) security X.1360X.1369 Intelligent transportation system (ITS) security X.1370X.1379 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520

7、X.1539 Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 CLOUD COMPUTING SECURITY Overview of cloud computing security X.1600X.1601 Cloud computing

8、security design X.1602X.1639 Cloud computing security best practices and guidelines X.1640X.1659 Cloud computing security implementation X.1660X.1679 Other cloud computing security X.1680X.1699 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1500 (2011)/Amd.11 (0

9、3/2017) i Recommendation ITU-T X.1500 Overview of cybersecurity information exchange Amendment 11 Revised structured cybersecurity information exchange techniques Summary Amendment 11 to Recommendation ITU-T X.1500 (2011) provides a list of structured cybersecurity information techniques that have b

10、een created to be continually updated as these techniques evolve, expand, are newly identified or are replaced. The list follows the outline provided in the body of the Recommendation. This amendment reflects the situation of recommended techniques as of March 2017, including bibliographical referen

11、ces. History Edition Recommendation Approval Study Group Unique ID* 1.0 ITU-T X.1500 2011-04-20 17 11.1002/1000/11060 1.1 ITU-T X.1500 (2011) Amd. 1 2012-03-02 17 11.1002/1000/11574 1.2 ITU-T X.1500 (2011) Amd. 2 2012-09-07 17 11.1002/1000/11751 1.3 ITU-T X.1500 (2011) Amd. 3 2013-04-26 17 11.1002/1

12、000/11942 1.4 ITU-T X.1500 (2011) Amd. 4 2013-09-04 17 11.1002/1000/12041 1.5 ITU-T X.1500 (2011) Amd. 5 2014-01-24 17 11.1002/1000/12159 1.6 ITU-T X.1500 (2011) Amd. 6 2014-09-26 17 11.1002/1000/12334 1.7 ITU-T X.1500 (2011) Amd. 7 2015-04-17 17 11.1002/1000/12446 1.8 ITU-T X.1500 (2011) Amd. 8 201

13、5-09-17 17 11.1002/1000/12596 1.9 ITU-T X.1500 (2011) Amd. 9 2016-03-23 17 11.1002/1000/12851 1.10 ITU-T X.1500 (2011) Amd. 10 2016-09-07 17 11.1002/1000/13071 1.11 ITU-T X.1500 (2011) Amd. 11 2017-03-30 17 11.1002/1000/13263 Keywords Cybersecurity information exchange, CYBEX, security, trust and as

14、surance. _ * To access the Recommendation, type the URL http:/handle.itu.int/ in the address field of your web browser, followed by the Recommendations unique ID. For example, http:/handle.itu.int/11.1002/1000/11830-en. ii Rec. ITU-T X.1500 (2011)/Amd.11 (03/2017) FOREWORD The International Telecomm

15、unication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tarif

16、f questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommen

17、dations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommenda

18、tion, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperabili

19、ty or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compli

20、ance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTSITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity o

21、r applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required t

22、o implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2017 All rights reserved. No part of this publication may be reproduced, by

23、 any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1500 (2011)/Amd.11 (03/2017) 1 Recommendation ITU-T X.1500 Overview of cybersecurity information exchange Amendment 11 Revised structured cybersecurity information exchange techniques 1) Replace Appendix I with the appe

24、ndix below. Appendix I Structured cybersecurity information exchange techniques (This appendix does not form an integral part of this Recommendation.) Table I.1 Techniques in the weakness, vulnerability and state exchange cluster Technique Description References Common vulnerabilities and exposures

25、(CVE) Common vulnerabilities and exposures is a method for identifying and exchanging information security vulnerabilities and exposures, and provides common identifiers for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools,

26、 repositories and services) with this “common enumeration“. CVE is designed to allow vulnerability databases and other resources to be linked together, and to facilitate the comparison of security tools and services. As such, CVE does not contain information such as risk, impact, fix information, or

27、 detailed technical information. CVE only contains the standard identifier number with status indicator, a brief description and references to related vulnerability reports and advisories. The intention of CVE is to be comprehensive with respect to all publicly known vulnerabilities and exposures. W

28、hile CVE is designed to contain mature information, the primary focus is on identifying vulnerabilities and exposures that are detected by security tools, as well as identifying any new problems that become public, and then addressing any older security problems that require validation. b-ITU-T X.15

29、20 Common vulnerability scoring system (CVSS) The common vulnerability scoring system process provides for an open framework for communicating the characteristics and impacts of ICT vulnerabilities. CVSS consists of three groups: base, temporal and environmental. Each group produces a numeric score

30、ranging from 0 to 10, and a vector, a compressed textual representation that reflects the values used to derive the score. The base group represents the intrinsic qualities of a vulnerability. The temporal group reflects the characteristics of a vulnerability that change over time. The environmental

31、 group represents the characteristics of a vulnerability that are unique to the environment of the user. CVSS enables ICT managers, b-ITU-T X.1521 2 Rec. ITU-T X.1500 (2011)/Amd.11 (03/2017) Table I.1 Techniques in the weakness, vulnerability and state exchange cluster Technique Description Referenc

32、es vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting a common language of scoring ICT vulnerabilities. Common weakness enumeration (CWE) Common weakness enumeration is a process for identifying and exchanging unified, measurable sets o

33、f software weaknesses. CWE enables more effective discussion, description, selection and use of software security tools and services that can find these weaknesses in source code and operational systems. It also provides for better understanding and management of software weaknesses related to archi

34、tecture and design. CWE implementations are compiled and updated by a diverse, international group of experts from business, academia and government agencies, ensuring breadth and depth of content. CWE provides standardized terminology, allows service providers to inform users of specific potential

35、weaknesses and proposed resolutions, and allows software buyers to compare similar products offered by multiple vendors. b-ITU-T X.1524 Common weakness scoring system (CWSS) The common weakness scoring system (CWSS) provides an open framework for communicating the characteristics and impacts of info

36、rmation and communication technology (ICT) weaknesses during development of software capabilities. The goal of CWSS is to enable ICT software developers, managers, testers, security vendors and service suppliers, buyers, application vendors and researchers to speak from a common language of scoring

37、ICT weaknesses that could manifest as vulnerabilities when the software is used. b-ITU-T X.1525 Critical Security Controls for Effective Cyber Defence (CSC) The Critical Security Controls and associated compendiums describe a specific set of technical measures available to detect, prevent, respond,

38、and mitigate damage from the most common to the most advanced of cyber attacks. The measures reflect the combined knowledge of actual attacks and effective defences b-CSC Open vulnerability and assessment language (OVAL) The language for the open definition of vulnerabilities and for the assessment

39、of a system state (also known as Open vulnerability and assessment language) is an international specification effort to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes

40、a language used to encode endpoint details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of endpoints for testing, analysing the endpoint for the presence of t

41、he specified machine state (vulnerability, configuration, patch state, etc.), and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language. OVAL schemas written in XML have been developed to serve as the framework and

42、 vocabulary of the OVAL language. These schemas correspond to the three steps of the assessment b-ITU-T X.1526 Rec. ITU-T X.1500 (2011)/Amd.11 (03/2017) 3 Table I.1 Techniques in the weakness, vulnerability and state exchange cluster Technique Description References process: an OVAL system character

43、istics schema for representing endpoint information, an OVAL definition schema for expressing a specific machine state and an OVAL results schema for reporting the results of an assessment. eXtensible configuration checklist description format (XCCDF) The eXtensible configuration checklist descripti

44、on format is a specification language for writing security checklists, benchmarks and related kinds of documents. An XCCDF document represents a structured collection of security configuration rules for some set of target systems. The specification is designed to support information interchange, doc

45、ument generation, organizational and situational tailoring, automated compliance testing and compliance scoring. The specification also defines a data model and format for storing results of benchmark compliance testing. The intent of XCCDF is to provide a uniform foundation for expression of securi

46、ty checklists, benchmarks and other configuration guidance, and thereby foster more widespread application of good security practices. XCCDF documents are expressed in XML. b-XCCDF Common platform enumeration (CPE) Common platform enumeration (CPE) is a standardized method to identify and describe t

47、he software systems and hardware devices present in an enterprises computing asset inventory. CPE provides: a naming specification, including the logical structure of well-formed CPE names and the procedures for binding and unbinding these names with machine-readable encodings; a matching specificat

48、ion, which defines procedures for comparing CPE names to determine whether they refer to some or all of the same products or platforms; and a dictionary specification, which defines the concept of a dictionary of identifiers and prescribes high-level rules for dictionary curators. b-ITU-T X.1528 b-I

49、TU-T X.1528.1 b-ITU-T X.1528.2 b-ITU-T X.1528.3 b-ITU-T X.1528.4 Software identification tag Software identification tags (SWID tags) record unique information about an installed software application, including its name, edition, version, whether it is part of a bundle and more. SWID tags support software inventory and asset management initiatives. b-ISO/IEC 19770-2 Common configuration enumeration (CCE) Common configuration enumeration provides unique identifiers to system configuration