1、 International Telecommunication Union ITU-T X.1528.1TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Vulnerability/state exchange Common platform enumeration naming Recommendation ITU-T X.15
2、28.1 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPECTS X.600X.
3、699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APPLICATIONS A
4、ND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybersecurity X.1
5、200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exchange X.1520
6、X.1539Event/incident/heuristics exchange X.1540X.1549 Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-T X.1528.1
7、(09/2012) i Recommendation ITU-T X.1528.1 Common platform enumeration naming Summary Recommendation ITU-T X.1528.1, Common platform enumeration naming, defines the logical structure of names for IT product classes and the procedures for binding and unbinding these names to and from machine-readable
8、encodings. This Recommendation also defines and explains the requirements that IT products must meet to claim conformance with this Recommendation. This is achieved by listing the relevant clauses of the NIST Interagency Report 7696 Common Platform Enumeration: Name Matching Specification version 2.
9、3 and showing whether they are normative or informative. History Edition Recommendation Approval Study Group 1.0 ITU-T X.1528.1 2012-09-07 17 ii Rec. ITU-T X.1528.1 (09/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommuni
10、cations, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunica
11、tions on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure
12、 laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommu
13、nication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these
14、mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU dr
15、aws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members
16、or others outside of the Recommendation development process. As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not re
17、present the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.itu.int/ITU-T/ipr/. ITU 2012 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1528.1 (
18、09/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Terms defined in this Recommendation . 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 CPE naming specification 2 6.1 Introduction 2 6.2 Definitions and abbreviations . 2 6.3 Relationsh
19、ip to existing specifications and standards 2 6.4 Conformance 2 6.5 Well-formed CPE name data model . 2 6.6 Name binding and unbinding . 3 6.7 Bound name conversions 3 iv Rec. ITU-T X.1528.1 (09/2012) Introduction Common platform enumeration (CPE) is a structured method of describing and identifying
20、 classes of applications, operating systems, and hardware devices present among an enterprises computing assets. CPE can be used as a source of information for enforcing and verifying IT management policies relating to these assets, such as vulnerability, configuration, and remediation policies. IT
21、management tools can collect information about installed products, identify products using their CPE names, and use this structured information to facilitate fully or partially automated decisions regarding the assets. CPE consists of several modular specifications. Combinations of the specification
22、s work together in layers to perform various functions. This specification, CPE Naming, defines standardized methods for assigning names to IT product classes. An example is the following name representing the fictitious product, XYZ Visualizer Enterprise Suite 4.2.3 Beta: wfn:part=“a“,vendor=“xyz“,
23、product=“visualizer_enterprise_suite“, version=“4.2.3“,update=“beta“ This method of naming is known as a well-formed CPE name (WFN). It is an abstract logical construction. The CPE Naming specification defines procedures for binding WFNs to machine-readable encodings, as well as unbinding those enco
24、dings back to WFNs. One of the bindings, called a uniform resource identifier (URI) binding, is included in CPE version 2.3 for backward compatibility with CPE version 2.2. The URI binding representation of the WFN for the fictitious product above is: cpe:/a:xyz:visualizer_enterprise_suite:4.2.3:bet
25、a The second binding defined in CPE 2.3 is called a formatted string binding. It has a somewhat different syntax than the URI binding, and it also supports additional product attributes. With the formatted string binding, the WFN for the fictitious product above can be represented by the following.
26、cpe:2.3:a:xyz:visualizer_enterprise_suite:4.2.3:beta:*:*:*:*:*:* The WFN concept and the bindings defined by the CPE Naming specification are the fundamental building blocks at the core of all CPE functionality. Rec. ITU-T X.1528.1 (09/2012) 1 Recommendation ITU-T X.1528.1 Common platform enumeratio
27、n naming 1 Scope This Recommendation on common platform enumeration (CPE) naming defines the logical structure of names for IT product classes and the procedures for binding and unbinding these names to and from machine-readable encodings. It also provides the requirements for well-formed CPE names
28、(WFNs). This Recommendation also defines and explains the requirements that CPE naming implementations, such as software and services, must meet to claim compliance with this Recommendation. As this Recommendation defines these specifications by listing the relevant clauses of the NIST Interagency R
29、eport 7696: Common Platform Enumeration Name Matching Specification version 2.3 and showing whether they are normative or informative, all other versions are out of the scope of this Recommendation as are all CPE specifications other than CPE Naming. 2 References The following ITU-T Recommendations
30、and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore enc
31、ouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone d
32、ocument, the status of a Recommendation. NISTIR 7695 NIST Interagency Report 7695, Common Platform Enumeration: Naming Specification Version 2.3, August 2011. 3 Definitions 3.1 Terms defined elsewhere None. 3.2 Terms defined in this Recommendation None. 4 Abbreviations and acronyms CPE Common Platfo
33、rm Enumeration NIST National Institute of Standards and Technology NISTIR NIST Interagency Report URI Uniform Resource Identifier WFN Well-formed CPE Name 2 Rec. ITU-T X.1528.1 (09/2012) 5 Conventions The following terms are considered equivalent: In ITU use of the word “shall“ and “must“ and their
34、negatives are considered equivalent. In ITU use of the word “shall“ is equivalent to the NISTIR use of the word “MUST“. In ITU use of the phrase “shall not“ is equivalent to the NISTIR use of the term “MUST NOT“. NOTE In the NISTIR use of the words “shall“ and “must“ (in lower case) are used for inf
35、ormative text. 6 CPE naming specification This clause defines the logical structure of names for IT product classes and the procedures for binding and unbinding these names to and from machine-readable encodings. This clause provides direct references to NIST Interagency Report Common Platform Enume
36、ration Name Matching Specification version 2.3 through alignment of the clauses with the section numbers such that clause 6.x aligns with NISTIR 7695 section x with matching titles. 6.1 Introduction b-NISTIR 7695 section 1 is informative. 6.2 Definitions and abbreviations b-NISTIR 7695 section 2 is
37、informative. 6.3 Relationship to existing specifications and standards b-NISTIR 7695 section 3 is informative. 6.4 Conformance b-NISTIR 7695 section 4 is informative. 6.5 Well-formed CPE name data model NISTIR 7695 section 5 is normative. 6.5.1 Definitions and notation NISTIR 7695 section 5.1 is nor
38、mative. 6.5.2 WFN attributes NISTIR 7695 section 5.2 is normative. 6.5.3 WFN attribute values NISTIR 7695 section 5.3 is normative. 6.5.3.1 Logical values NISTIR 7695 section 5.3.1 is normative. 6.5.3.2 Restrictions on attribute-value strings NISTIR 7695 section 5.3.2 is normative. 6.5.3.3 Per-attri
39、bute value restrictions NISTIR 7695 section 5.3.3 is normative. Rec. ITU-T X.1528.1 (09/2012) 3 6.5.4 Operations on WFNs NISTIR 7695 section 5.4 is normative. 6.5.4.1 Function new() NISTIR 7695 section 5.4.1 is normative. 6.5.4.2 Function get(w,a) NISTIR 7695 section 5.4.2 is normative. 6.5.4.3 Func
40、tion set(w,a,v) NISTIR 7695 section 5.4.3 is normative. 6.5.5 WFN examples NISTIR 7695 section 5.5 is normative. 6.6 Name binding and unbinding NISTIR 7695 section 6 is normative. 6.6.1 URI binding NISTIR 7695 section 6.1 is normative. 6.6.1.1 URI binding syntax NISTIR 7695 section 6.1.1 is normativ
41、e. 6.6.1.2 Binding a WFN to a URI NISTIR 7695 section 6.1.2 is normative. 6.6.1.3 Unbinding a URI to a WFN NISTIR 7695 section 6.1.3 is normative. 6.6.2 Formatted string binding NISTIR 7695 section 6.2 is normative. 6.6.2.1 Syntax for formatted string binding NISTIR 7695 section 6.2.1 is normative.
42、6.6.2.2 Binding a WFN to a formatted string NISTIR 7695 section 6.2.2 is normative. 6.6.2.3 Unbinding a formatted string to a WFN NISTIR 7695 section 6.2.3 is normative. 6.7 Bound name conversions NISTIR 7695 section 7 is normative. 6.7.1 Converting a URI to a formatted string NISTIR 7695 section 7.
43、1 is normative. 6.7.2 Converting a formatted string to a URI NISTIR 7695 section 7.2 is normative. Printed in Switzerland Geneva, 2012 SERIES OF ITU-T RECOMMENDATIONS Series A Organization of the work of ITU-T Series D General tariff principles Series E Overall network operation, telephone service,
44、service operation and human factors Series F Non-telephone telecommunication services Series G Transmission systems and media, digital systems and networks Series H Audiovisual and multimedia systems Series I Integrated services digital network Series J Cable networks and transmission of television,
45、 sound programme and other multimedia signals Series K Protection against interference Series L Construction, installation and protection of cables and other elements of outside plant Series M Telecommunication management, including TMN and network maintenance Series N Maintenance: international sou
46、nd programme and television transmission circuits Series O Specifications of measuring equipment Series P Terminals and subjective and objective assessment methods Series Q Switching and signalling Series R Telegraph transmission Series S Telegraph services terminal equipment Series T Terminals for
47、telematic services Series U Telegraph switching Series V Data communication over the telephone network Series X Data networks, open system communications and security Series Y Global information infrastructure, Internet protocol aspects and next-generation networks Series Z Languages and general software aspects for telecommunication systems
