1、CCITT RECNN*X*7YO 92 m 4862591 0575267 T32 m INTERNATIONAL TELECOMMUNICATION UNION CCITT THE INTERNATIONAL TELEGRAPH AND TELEPHONE CONSULTATIVE COMMITTEE DATA COMMUNICATION NETWORKS X.740 (09192) INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SYSTEMS MANAGEMENT: SECURITY AUDIT TRAIL FUNCTIO
2、N Recommendation X.740 COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLicensed by Information Handling ServicesCCITT RECMN*X*?40 92 W 4862591 05752b8 979 Foreword ITU (Intemationai Telecommunication Union) is the Unital Nations Specialized Agency in the field of telecommunica
3、tions. The CC (the Intematid Telegraph and Telephone Consultative Committee) is a permanent organ of the T. Some 166 member countries, 68 telecom operating entities, 163 scientific and industriai organizatioos and 39 international organizations participate in (3Ci“T which is the body which sets worl
4、d telecommunicatioos standards (Recommendations). The approval of Recomendatioos by the members of CC is covered by the lmcedure laid down in CC“ Resolution No. 2 (Melbourne, 1988). In addition, the Plenary Assembly of CCIlT, which meets every four years, approves Recommendations submitted to it and
5、 establishes the study programme for the following period. In some areas of information technology, which fall within CCITs purview, the necessary standards are prepared on a collaborative basis with IS0 and IEC. The text of CC Recommendation X.740 was approved on 10th September 1992. The identical
6、text is also published as ISO/IEC intemational Standard 10164-8. CClT NOTE In this Recommeodatioo, the expmsion “Adminislration“ is used for conciseness to indicate both a telecommunication Administration and arecognized private operating agency. Q 1993 AU rights reserved. No part of this publicatio
7、n may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU. COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLicensed by Information Handling Services1 2 3 4 5 6 7 8 9 1
8、0 11 12 13 Contents scope . Normative references . 2.1 Identicai Recommendations I Internatid Staodatds 2.2 Paired Recommendations I Intematid Standards equivalent in technid Content . 2.3 Additionai references Definitions 3.1 Basic refmnce model definitions . 3.2 Security architecture definitions 3
9、.3 Management framework definitions 3.4 Systems management overview definitions . 3.5 Event report management definitions 3.6 Security alarm reporthg definitions 3.7 Log control defmitions 3.8 OS1 conformance testing defmitions . Abbreviations Conventions . Requirements. Model Generic defmitions 8.1
10、 Generic notifications . 8.2 Managed object 8.3 Imported generic definitions . 8.4 Compliance . Service definition 9.1 Introduction 9.2 Security audit brail reporting service . Functional units . Protocol . 1 1.1 Elements of procedure 11.2 Abstract syntax . 11.3 Negotiation of security audit trail r
11、eporting functional unit . Relationships with other functions . Conformance . 13.1 General conformance class requirements 13.2 Dependent conformance class requirements 13.3 Management information conformance requirements 13.4 PICS requirements Annex A Definition of management information . Annex B M
12、CS proforma Annex C MOCS proforma . Annex D MlDS (notification) proforma . Annex F Relationship with the security audit framework . Annex E PICS proforma Page 1 1 2. 2 3 3 3 3 3 3 4 4 4 4 4 4 5 5 5 5 6 .7 7 7 7 7 8 8 8 8 9 10 10 10 10 11 11 12 14 16 19 20 26 COPYRIGHT International Telecommunication
13、s Union/ITU TelecommunicationsLicensed by Information Handling ServicesCCITT RECMN*X.40 i2 = 4862591 0575270 527 m CCITT Recommendation ISO/ZEc International standard X.700 I 7498-4 (Note) INFORMATION NOTE Short title Management Framework The following table gives a list of X.700 series Recommendati
14、ons which were, developed in collaboratio0 with the ISO/iEC and are identicai to the corresponding Internationai Standard. Cross-references to the corresponding ISOWC Internaiionai Standard number and the short titie of the Recommendation I Inteniational Standard are provided. X.701 I loo40 X.710 I
15、9595 (Note) X.711 I 9596-1 (NO*) Systems Management Overview Common Management Information Service Definition Common Management information Protocol Specification X.712 19596-2 X.720 I 10165-1 X.721 110165-2 CMEP PICS Management information Model Definition of Management Information I X.722 I 10165-
16、4 X.730 I 10164-1 X.731110164-2 I Guidelines for the Definition of Managed Objects I Object Management Function Stak Management Function X.732 I 10164-3 x.733 I 10164-4 x.734 I 10164-5 Attributes for Representing Relationships Alarm Reporting Function Event re Management Function X.735 110164-6 X.73
17、6 I 10164-7 X.740 I 10164-8 NOTE - This Recommendation and International Standard are not identical, but are technically aiigned. Log Control Function Security Alarm Reporting Function Security Audit Trail Function COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLicensed by In
18、formation Handling ServicesCCITT RECMNUX-740 92 4862591 0575271 463 m IsO/EC 10164-8 : 1993 (E) INTERNATIONAL STANDARD CCIT RECOMMENDATION INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SYSTEMS MANAGEMENT: SECURITY AUDIT TRAIL FUNCTION 1 Scope This Recommendation I International Standard de
19、bes the security audit trail function. The security audit trail function is a systems management function which may be used by an application process in a centralized or decenaalized management environment to exchange information and commands for the purpose of systems management, as defined by CCi“
20、 Rec. X.700 I IS0 7498-4. This Recommendation I Intemational Standard is positioned in the application layer of CCIT Rec. X.200 I IS0 7498 and is defined according to the model provided by ISOWC 9545. The role of systems management functions is described by CCIT Rec. X.701 I ISO/lEC 1o040. This Reco
21、mmendation I International Standard establishes user requirements for the service definition needed to support the security audit tra reporting function; defines the service provided by the security audit trail reporting function; specifies the protocol that is necessary in order to provide the serv
22、ice; defines the relationship between the service and management notifications; defines relationships with other systems management functions; - - - - - - specifies conformance requirements. This Recommendation I Iniernational Standard does not define - a security audit, nor how to perform one. A se
23、curity audit may be used to assist in assessing the effectiveness of a security policy. The security policy identifies the categories of security-related events that require auditing, and the location of the security audit trail log in which they are to be recorded; the nature of any implementation
24、intended to provide the security audit trail function; the occasions where the use of the security audit trail function is appropriate; the services necessary for the establishment, normal and abnormal release of a management association; any other notifications defined by other Recommendations I In
25、ternational Standards which may be of interest to a security administrator. - - - - 2 Normative references The following CCITT Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation I International Standard.
26、At the time of publication, tbe editions- indicated were valid. Ail Recommendations and Standards are subject to revision, and parties to agreements based on tbis Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent editions of the Recomme
27、ndations and Standards listed below. Members of IEC and IS0 maintain registers of currently valid International Standards. he CCi“ Secretariat maintains a list of currentiy valid CCIT Recommendations. CCm Rec. X.740 (1992 E) 1 COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLi
28、censed by Information Handling ServicesCCITT RECMNxX.740 92 D 48b2591 0575272 3TT W Iso/IEC 10164-8 : 1993 (E) 2.1 Identical Recommendations I International Standards - CCITT Recommendation X.701(1992) I ISO/IEC 10040:1992, Information technology - Open System Interconnection - Systems manugement ov
29、erview. CCITI: Recommendation X.721 (1992) I ISOWC 10165-21992, Information technology - Open Systems Interconnection - Structure of management infortnation: Definiton of management informatbn. CClT Recommendation X.722 (1992) I ISOWC 1016541992, IrmaFion technology - Open Systems Interconnection -
30、Structure (i managemeni mfOrmatio?r Guidelines for the demtion of managed objects. CCFTT Recommendation X.724l) I ISO/IEC 10165-60, Information technology - Open Systems Interconnection - Structure of management information: Requirements and guidelines for implementation conformance statement profon
31、nas associated with management information. CO Recommendation X.733 (1992) I ISO/EC 1016441992, Information technology - Open System Interconnection - Systems management: Alarm reporting function. CCITT Recommendation X.734 (1992) I ISO/EC 10164-51993, Information technology - Open Systems Interconn
32、ection - Systems management: Event report management fiutction. CCITT Recommendation X.735 (1992) I ISO/zEC 10164-61993, Information technology - Open Systems Interconnection - Systems management: Log control function. CC Recornmeadation X.736 (1992) I ISOWC 10164-21992, Information technology - Ope
33、n Systems Interconnection - Systems management: Security alarm reporting firnetwa - - - - - - - 2.2 Paired Recommendations I International Standards equivalent in technical content CCITT Recommendation X.200 (1988), Reference Model of Open Systems Interconnection for CCZZT IS0 74989984, Information
34、processing systems - Open Systems Interconnection - Basic Reference Model. CcITT Recommeudation X.208 (1988), Specification of Abstract Syntax Notatwn One (ASN.). ISOWC 882.49990, Information technology - Open Systems Interconnection - Speccaion of Abstract Syntax Notation One (ASN.1). CCITII Recomm
35、endation X.209 (1988), Specflcation of basic encoding rules for Abstract Syntax Notation (ASN. I). ISO/IBc 8825.1990, Information technology - Open Systems Interconnection - Speccation of Basic Encoding Rulesfor Abstract Syntax Notation One (ASN.1). CCI“ Recommendation X.210 (1988), Open System Inte
36、rconnection layer service demtim conventwns. ISO/TR 8509:1987, Information processing systems - Open Systems Interconnection - Service conve b) securitypoiicy. 3.3 Management framework definitions This Recommendation I International Standard makes use of the following term define in CCIiT Rec. X.70
37、I IS0 7498-4: managed object. 3.4 Systems management overview definitions This Recommendation I International Standard makes use of the following terms defined in CCITT Rec. X.701 I ISOrnC 1o040: a) agent role; b) dependent conformance; c) genemiconformance; d) management domain; e) manager role; f)
38、 notification; g) systems management functional unit. : ,. 1) Preseny at the stage of cirafi. CCIT Rec. X.740 (1W E) 3 COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLicensed by Information Handling ServicesCCITT RECMN*X.740 92 m 48b259L 0575274 L72 m ISO/IEC 1u164-8 : 1993 0
39、 3.5 Event report management definitions This Recommendation I Intemational Standard makes use of the following term defined in CClT Rec. X.734 I Isom 10164-5: discriminator. 3.6 Security alarm reporting definitions This Reammendation I Internationai Standard makes use of the following team defined
40、in CCl“ Rec. X.736 I ISO/IEC 10164-7: security-related event. 3.7 Log control definitions This Recommendation I International Standard makes use of the following terms defined in CClT Rec. X.735 I ISO/IEC 10164-6: a) log; b) log record. 3.8 OS1 conformance testing definitions This Recommendation I I
41、ntemational Standard makes use of the following terms defined in CCIIT Rec. X.290 I Isowc 9646-1: i a) PICSpmfq b) prowl implementation conformance statement (PICS); c) system canfolrmmce statement. 4 Abbreviations ASN. 1 Abstract Syntax Notation One CMIS Common Management Information Services Conf
42、Coanrmation Ind Inditatia.l MAPDU MCS Managmentconfarmancesimunary MIDS ManagementinfonnationdefnitiCJnstatement MOCS Manage object conformance statement os1 Open Systems Interconoecb on PICS Protoc431 implenm conformance statement Req Request RSP Response Management Application Protocol Daa Unit SM
43、APM Systems Managemeut Application Protocol Marhine 5 Conventions This Recommendation I Interoational Standard defines services for the security audit trail function using the dedptive conventions dew in CCi“ Rec. X.210 I ISOlR 8509. In clause 9, the dennitiOn of each service includes a table that l
44、ists the parameters of its pnmitiveS. For a ven primitive, the preseme of each parameter is described by one of the following values: M the parameter is mandatory; (=) the vaiue of the parameter is equal to the value of the parameter in the wlumn to the left; U the use of the parameter is a service-
45、user option; 4 CCFIT Ree.X.748 (1992 E) COPYRIGHT International Telecommunications Union/ITU TelecommunicationsLicensed by Information Handling ServicesCCITT RECMN*Xm7YO 72 = YB62591 0575275 009 ISO/IEC 10164-8 : 1993 (E) - the parameter is not present in the interaction described by the primitive c
46、oncerned, C the parameter is umditionai. The conditim(s) are defined by the text which describes the patameter; P subject to the constraints imposed on the parameter by CC Rec. X.710 I ISO/LEC 9595. NOTE - The parameters tha are marked “P. in Table 1 are mapped directly onto the corresponding parame
47、ters of the CMIS service primitive, without changing the semantics or syntax of the parameters. The remaining parameters are used t construct an MAFDU. 6 Requirements The security management user requires the ability to record in a security audit trail log, security-related events that occur in the
48、management domain. The security policy of an open system may require that pariicular security-related events be sent to a security audit trail log in the same or in a different open system. The types of security-related event that may be subject to security auditing include, but are not limited to -
49、 connections; - disconnections; - security mechanism utilization; - management operations; and - usage accounting. The security management user also requires the ability to control the operation of the security audit aail function. This Recommendation I International Standard describes the use of services and techniques to satisfy thew requirements. 7 Model This Recommendation I International Standard requires that the security-related events sali be logged according to the procedures defined in CCIT Rec. X.735 I ISOAEC 10164-6
