1、 International Telecommunication Union ITU-T M.3016.4TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (04/2005) SERIES M: TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Telecommunications management network Security for the management plane: Profile proforma ITU-T Recommendation
2、M.3016.4 ITU-T M-SERIES RECOMMENDATIONS TELECOMMUNICATION MANAGEMENT, INCLUDING TMN AND NETWORK MAINTENANCE Introduction and general principles of maintenance and maintenance organization M.10M.299 International transmission systems M.300M.559 International telephone circuits M.560M.759 Common chann
3、el signalling systems M.760M.799 International telegraph systems and phototelegraph transmission M.800M.899 International leased group and supergroup links M.900M.999 International leased circuits M.1000M.1099 Mobile telecommunication systems and services M.1100M.1199 International public telephone
4、network M.1200M.1299 International data transmission systems M.1300M.1399 Designations and information exchange M.1400M.1999 International transport network M.2000M.2999 Telecommunications management network M.3000M.3599 Integrated services digital networks M.3600M.3999 Common channel signalling sys
5、tems M.4000M.4999 For further details, please refer to the list of ITU-T Recommendations. ITU-T Rec. M.3016.4 (04/2005) i ITU-T Recommendation M.3016.4 Security for the management plane: Profile proforma Summary This Recommendation defines the Conformance Profile proforma for organizations using ITU
6、-T Recs M.3016.1-M.3016.3 for specifying the telecommunications management plane requirements. By completing the proforma in this Recommendation, different profiles are specified. Source ITU-T Recommendation M.3016.4 was approved on 13 April 2005 by ITU-T Study Group 4 (2005-2008) under the ITU-T Re
7、commendation A.8 procedure. ii ITU-T Rec. M.3016.4 (04/2005) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsibl
8、e for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T
9、study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative ba
10、sis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandator
11、y provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use
12、 of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no
13、position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, p
14、rotected by patents, which may be required to implement this Recommendation. However, implementors are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database. ITU 2005 All rights reserved. No part of this publication may be re
15、produced, by any means whatsoever, without the prior written permission of ITU. ITU-T Rec. M.3016.4 (04/2005) iii CONTENTS Page 1 Scope 1 2 References. 1 3 Definitions 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 Basis of profile proforma for security requirements. 2 6.1 Overview 2 6.2 Guideli
16、nes and instructions for proforma specification . 2 7 Proforma . 3 7.1 M.3016.1 security requirements . 3 7.2 M.3016.2 security services. 5 7.3 M.3016.3 security mechanisms 6 ITU-T Rec. M.3016.4 (04/2005) 1 ITU-T Recommendation M.3016.4 Security for the management plane: Profile proforma 1 Scope ITU
17、-T Recs M.3016.1-M.3016.3 specify a set of requirements, services, and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastructure. Because different administrations and organizations require varying levels of security support, ITU-T
18、 Recs M.3016.1-M.3016.3 do not specify whether a requirement/service/mechanism is mandatory or optional. This Recommendation specifies the Proforma for the security requirements, mechanisms and services in ITU-T Recs M.3016.1-M.3016.3. The Proforma, when completed by different organizations, results
19、 in a profile for the security requirements, services and mechanisms. These profiles may be used by implementations to specify conformance. The proforma defined in ITU-T Rec. M.3016.4 is provided to assist organizations, administrations and other national/international organizations, specify the man
20、datory and optional support of the requirements as well as value ranges, values, etc. to help implement their security policies. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendatio
21、n. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references lis
22、ted below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. ITU-T Recommendation M.3016.0 (2005), Security for the management plane: Overview
23、. ITU-T Recommendation M.3016.1 (2005), Security for the management plane: Security requirements. ITU-T Recommendation M.3016.2 (2005), Security for the management plane: Security services. ITU-T Recommendation M.3016.3 (2005), Security for the management plane: Security mechanisms. 3 Definitions Th
24、ere are no new definitions in this Recommendation. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations: PP Profile Proforma 2 ITU-T Rec. M.3016.4 (04/2005) 5 Conventions In ITU-T Recs M.3016.1-M.3016.3, a descriptor is used to identify the different requirements, servic
25、es and mechanisms. The descriptor consists of one of the following three-letter labels followed by a number: REQ for requirement; SER for service; MEC for mechanism. 6 Basis of profile proforma for security requirements 6.1 Overview ITU-T Recs M.3016.1-M.3016.3 specify a set of requirements, service
26、s and mechanisms for the appropriate security of the management functions necessary to support the telecommunications infrastructure. Because different administrations and organizations require varying levels of security support, ITU-T Recs M.3016.1-M.3016.3 do not specify whether a requirement/mech
27、anism/service is mandatory or optional. The proforma defined in this Recommendation is to assist administrations and other national/international organizations to specify the mandatory and optional support of the requirements, as well as value ranges, values, etc. The proforma is specified using the
28、 numbered requirements from ITU-T Recs M.3016.1-M.3016.3. 6.2 Guidelines and instructions for proforma specification The proforma is specified using tabular representation. For each Recommendation, one table is provided and should be completed for the profile. Each table has the following columns: a
29、) The requirement number from the Recommendation; b) Status; c) The value range or value; d) Comments or notes. The tables in this Recommendation have the first column completed. Organizations using the profiles should complete the tables as follows. For each requirement in the status column indicat
30、e: m Mantory; o Optional; c Conditional; x Prohibited (“x“ stands for “excluded“); Not applicable or out of scope. If status is “c“, the comment column should define the condition that must be true for supporting the requirement. The value range or value column specifies applicable range or specific
31、 values. For example, a requirement for the length of the key is placed in that column. The comment column is used to include information relevant for the implementing the requirement according to that profile. ITU-T Rec. M.3016.4 (04/2005) 3 7 Proforma 7.1 M.3016.1 security requirements Table 1/M.3
32、016.4 contains the requirements from ITU-T Rec. M.3016.1 and the user should complete the other columns according to the guidelines provided above. Table 1/M.3016.4 Proforma for requirements in ITU-T Rec. M.3016.1 Security requirements Status Value range/Values Comments REQ 1 REQ 2 REQ 3 REQ 4 REQ 5
33、 REQ 6 REQ 7 REQ 8 REQ 9 REQ 10 REQ 11 REQ 12 REQ 13 REQ 14 REQ 15 REQ 16 REQ 17 REQ 18 REQ 19 REQ 20 REQ 21 REQ 22 REQ 23 REQ 24 REQ 25 REQ 26 REQ 27 REQ 28 REQ 29 REQ 30 REQ 31 REQ 32 REQ 33 REQ 34 4 ITU-T Rec. M.3016.4 (04/2005) Table 1/M.3016.4 Proforma for requirements in ITU-T Rec. M.3016.1 Se
34、curity requirements Status Value range/Values Comments REQ 35 REQ 36 REQ 37 REQ 38 REQ 39 REQ 40 REQ 41 REQ 42 REQ 43 REQ 44 REQ 45 REQ 46 REQ 47 REQ 48 REQ 49 REQ 50 REQ 51 REQ 52 REQ 53 REQ 54 REQ 55 REQ 56 REQ 57 REQ 58 REQ 59 REQ 60 ITU-T Rec. M.3016.4 (04/2005) 5 7.2 M.3016.2 security services
35、Table 2/M.3016.4 contains the requirements from ITU-T Rec. M.3016.2 and the user should complete the other columns according to the guidelines provided above. Table 2/M.3016.4 Proforma for Requirements in M.3016.2 Security requirements Status Value range/Values Comments SER 1 SER 2 SER 3 SER 4 SER 5
36、 SER 6 SER 7 SER 8 SER 9 SER 10 6 ITU-T Rec. M.3016.4 (04/2005) 7.3 M.3016.3 security mechanisms Table 3/M.3016.4 contains the requirements from ITU-T Rec. M.3016.2 and the user should complete the other columns according to the guidelines provided above. Table 3/M.3016.4 Proforma for requirements i
37、n M.3016.3 Security requirements Status Value range/Values Comments MEC 1 MEC 2 MEC 3 MEC 4 MEC 5 MEC 6 MEC 7 MEC 8 MEC 9 MEC 10 MEC 11 MEC 12 MEC 13 MEC 14 MEC 15 MEC 16 MEC 17 MEC 18 MEC 19 MEC 20 MEC 21 MEC 22 MEC 23 MEC 24 MEC 25 MEC 26 MEC 27 MEC 28 MEC 29 MEC 30 MEC 31 MEC 32 MEC 33 MEC 34 MEC
38、 35 MEC 36 ITU-T Rec. M.3016.4 (04/2005) 7 Table 3/M.3016.4 Proforma for requirements in M.3016.3 Security requirements Status Value range/Values Comments MEC 37 MEC 38 MEC 39 MEC 40 MEC 41 MEC 42 Printed in Switzerland Geneva, 2005 SERIES OF ITU-T RECOMMENDATIONS Series A Organization of the work o
39、f ITU-T Series D General tariff principles Series E Overall network operation, telephone service, service operation and human factors Series F Non-telephone telecommunication services Series G Transmission systems and media, digital systems and networks Series H Audiovisual and multimedia systems Se
40、ries I Integrated services digital network Series J Cable networks and transmission of television, sound programme and other multimedia signals Series K Protection against interference Series L Construction, installation and protection of cables and other elements of outside plant Series M Telecommu
41、nication management, including TMN and network maintenance Series N Maintenance: international sound programme and television transmission circuits Series O Specifications of measuring equipment Series P Telephone transmission quality, telephone installations, local line networks Series Q Switching
42、and signalling Series R Telegraph transmission Series S Telegraph services terminal equipment Series T Terminals for telematic services Series U Telegraph switching Series V Data communication over the telephone network Series X Data networks, open system communications and security Series Y Global information infrastructure, Internet protocol aspects and next-generation networks Series Z Languages and general software aspects for telecommunication systems
