书签分享收藏举报版权申诉 / 16

立即下载加入VIP,交流精品资源

当前位置：首页 > 标准规范 > 国际标准 > 其他 > ITU-T X 1541-2012 Incident object description exchange format (Study Group 17)《事件对象描述交换格式 17号研究组》.pdf

ITU-T X 1541-2012 Incident object description exchange format (Study Group 17)《事件对象描述交换格式 17号研究组》.pdf

上传人：registerpick115

文档编号：804710

上传时间：2019-02-04

格式：PDF

页数：16

大小：111.79KB

《ITU-T X 1541-2012 Incident object description exchange format (Study Group 17)《事件对象描述交换格式 17号研究组》.pdf》由会员分享，可在线阅读，更多相关《ITU-T X 1541-2012 Incident object description exchange format (Study Group 17)《事件对象描述交换格式 17号研究组》.pdf（16页珍藏版）》请在麦多课文档分享上搜索。

1、 International Telecommunication Union ITU-T X.1541TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (09/2012) SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY Cybersecurity information exchange Event/incident/heuristics exchange Incident object description exchange format Recommendati

2、on ITU-T X.1541 ITU-T X-SERIES RECOMMENDATIONS DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY PUBLIC DATA NETWORKS X.1X.199 OPEN SYSTEMS INTERCONNECTION X.200X.299 INTERWORKING BETWEEN NETWORKS X.300X.399 MESSAGE HANDLING SYSTEMS X.400X.499 DIRECTORY X.500X.599 OSI NETWORKING AND SYSTEM ASPE

3、CTS X.600X.699 OSI MANAGEMENT X.700X.799 SECURITY X.800X.849 OSI APPLICATIONS X.850X.899 OPEN DISTRIBUTED PROCESSING X.900X.999 INFORMATION AND NETWORK SECURITY General security aspects X.1000X.1029 Network security X.1030X.1049 Security management X.1050X.1069 Telebiometrics X.1080X.1099 SECURE APP

4、LICATIONS AND SERVICES Multicast security X.1100X.1109 Home network security X.1110X.1119 Mobile security X.1120X.1139 Web security X.1140X.1149 Security protocols X.1150X.1159 Peer-to-peer security X.1160X.1169 Networked ID security X.1170X.1179 IPTV security X.1180X.1199 CYBERSPACE SECURITY Cybers

5、ecurity X.1200X.1229 Countering spam X.1230X.1249 Identity management X.1250X.1279 SECURE APPLICATIONS AND SERVICES Emergency communications X.1300X.1309 Ubiquitous sensor network security X.1310X.1339 CYBERSECURITY INFORMATION EXCHANGE Overview of cybersecurity X.1500X.1519 Vulnerability/state exch

6、ange X.1520X.1539 Event/incident/heuristics exchange X.1540X.1549Exchange of policies X.1550X.1559 Heuristics and information request X.1560X.1569 Identification and discovery X.1570X.1579 Assured exchange X.1580X.1589 For further details, please refer to the list of ITU-T Recommendations. Rec. ITU-

7、T X.1541 (09/2012) i Recommendation ITU-T X.1541 Incident object description exchange format Summary Recommendation ITU-T X.1541 describes the information model for the incident object description exchange format (IODEF) and provides an associated data model specified with XML schema. The IODEF spec

8、ifies a data model representation for sharing commonly exchanged information about computer security or other incident types. This is achieved by listing the relevant clauses of IETF RFC 5070 and showing whether they are normative or informative. History Edition Recommendation Approval Study Group 1

9、.0 ITU-T X.1541 2012-09-07 17 ii Rec. ITU-T X.1541 (09/2012) FOREWORD The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-

10、T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis. The World Telecommunication Standardization Assembly (WTSA), which meets every four ye

11、ars, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics. The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1. In some areas of information technology which fall within ITU-Ts purview, the nec

12、essary standards are prepared on a collaborative basis with ISO and IEC. NOTE In this Recommendation, the expression “Administration“ is used for conciseness to indicate both a telecommunication administration and a recognized operating agency. Compliance with this Recommendation is voluntary. Howev

13、er, the Recommendation may contain certain mandatory provisions (to ensure, e.g., interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall“ or some other obligatory language such as “must“ and the negative

14、equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party. INTELLECTUAL PROPERTY RIGHTS ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of

15、 a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process. As of the date of approval of this Recommendation, IT

16、U had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http:/www.it

17、u.int/ITU-T/ipr/. ITU 2013 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. Rec. ITU-T X.1541 (09/2012) iii Table of Contents Page 1 Scope 1 2 References. 1 3 Definitions 1 3.1 Terms defined elsewhere 1 3.2 Term

18、s defined in this Recommendation . 1 4 Abbreviations and acronyms 1 5 Conventions 2 6 Incident object description and exchange format . 2 6.1 Introduction 2 6.2 IODEF data types . 2 6.3 The IODEF data model 3 6.4 Processing considerations . 6 6.5 Extending the IODEF . 6 6.6 Internationalization issu

19、es 6 6.7 Examples 6 6.8 The IODEF schema 7 6.9 Security considerations . 7 6.10 IANA considerations 7 6.11 Acknowledgements 7 6.12 References 7 Bibliography. 8 iv Rec. ITU-T X.1541 (09/2012) Introduction Recommendation ITU-T X.1500, Overview of cybersecurity information exchange, provides guidance f

20、or the exchange of cybersecurity information including that for incidents and indicators as provided through this ITU-T Recommendation. The incident object description exchange format (IODEF) is a data model for representing commonly exchanged information regarding computer security. It specifies an

21、 XML data model representation for conveying incident information between entities that have an operational responsibility for instituting proactive defences, remediation activities, or a watch-and-warning over a defined constituency. The data model provides a method to encode information about host

22、s, networks and the services running on these systems; exploitation methodology and associated data; impact of the incident; and limited approaches for documenting workflow. The overriding purpose of the IODEF is to enhance operational capabilities and improve situational awareness. Community adopti

23、on of the IODEF provides an improved ability to resolve incidents and convey situational awareness of the threat landscape by simplifying collaboration and information sharing. The IODEF structured format allows for: increased automation in the processing of incident information through the exchange

24、 of structure incident information, eliminating the need for security analysts to parse free-form textual documents; decreased effort in correlating similar data (even when highly structured) from different sources enhancing situational awareness; a common format on which to provide interoperability

25、 between tools for incident handling and analysis, specifically when information comes from multiple entities. Numerous procedural, trust, policy and legal considerations may restrict or prevent the exchange of information. The IODEF is a technical specification and does not attempt to address these

26、 issues. However, operational implementations of the IODEF and associated formats and protocols should consider this broader context when forming information sharing agreements. Rec. ITU-T X.1541 (09/2012) 1 Recommendation ITU-T X.1541 Incident object description exchange format 1 Scope The incident

27、 object description exchange format (IODEF) specifies a data model representation for sharing commonly exchanged information about computer security or other incident types. This Recommendation describes the information model for the IODEF and provides an associated data model specified with XML sch

28、ema. Any data model representation or framework enabling the sharing of information about computer security or other incident types must provide the capabilities to comply with all applicable national and regional laws, regulations and policies. Implementers and users of all ITU-T Recommendations, i

29、ncluding this Recommendation and the underlying techniques, shall comply with all applicable national and regional laws, regulations and policies. 2 References The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of

30、this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and ot

31、her references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation. IETF RFC 5070 IETF RFC 5070 (2007), The Incident Object Descrip

32、tion Exchange Format. 3 Definitions 3.1 Terms defined elsewhere None. 3.2 Terms defined in this Recommendation None. 4 Abbreviations and acronyms This Recommendation uses the following abbreviations and acronyms: IANA Internet Assigned Numbers Authority IODEF Incident Object Description Exchange For

33、mat 2 Rec. ITU-T X.1541 (09/2012) 5 Conventions The following terms are considered equivalent: In ITU, the use of the word shall and must, and their negatives, are considered equivalent. In ITU, the use of the word shall is equivalent to the IETF use of the word MUST. In ITU, the use of the phrase s

34、hall not is equivalent to the IETF use of the term MUST NOT. NOTE In the IETF use of the words shall and must (in lower case) are used for informative text. 6 Incident object description and exchange format Clause 6 defines the incident object description exchange format (IODEF). This clause provide

35、s direct references to IETF RFC 5070 through alignment of the clauses with the section numbers so that clause 6.x aligns with IETF RFC 5070 section x with matching titles. NOTE An Errata to b-IETF RFC 5070 is available in b-Errata ID3333. 6.1 Introduction b-IETF RFC 5070 section 1 is informative. 6.

36、1.1 Terminology b-IETF RFC 5070 section 1.1 is informative. 6.1.2 Notations b-IETF RFC 5070 section 1.2 is informative. 6.1.3 About the IODEF data model b-IETF RFC 5070 section 1.3 is informative. 6.1.4 About the IODEF implementation b-IETF RFC 5070 section 1.4 is informative. 6.2 IODEF data types b

37、-IETF RFC 5070 section 2 is informative. 6.2.1 Integers IETF RFC 5070 section 2.1 is normative. 6.2.2 Real numbers IETF RFC 5070 section 2.2 is normative. 6.2.3 Characters and strings IETF RFC 5070 section 2.3 is normative. 6.2.4 Multilingual strings IETF RFC 5070 section 2.4 is normative. 6.2.5 Byt

38、es IETF RFC 5070 section 2.5 is normative. 6.2.6 Hexadecimal bytes IETF RFC 5070 section 2.6 is normative. Rec. ITU-T X.1541 (09/2012) 3 6.2.7 Enumerated types IETF RFC 5070 section 2.7 is normative. 6.2.8 Date-time strings IETF RFC 5070 section 2.8 is normative. 6.2.9 Timezone string IETF RFC 5070

39、section 2.9 is normative. 6.2.10 Port lists IETF RFC 5070 section 2.10 is normative. 6.2.11 Postal address IETF RFC 5070 section 2.11 is normative. 6.2.12 Person or organization IETF RFC 5070 section 2.12 is normative. 6.2.13 Telephone and fax numbers IETF RFC 5070 section 2.13 is normative. 6.2.14

40、Email string IETF RFC 5070 section 2.14 is normative. 6.2.15 Uniform resource locator strings IETF RFC 5070 section 2.15 is normative. 6.3 The IODEF data model b-IETF RFC 5070 section 3 is informative. 6.3.1 IODEF-document class IETF RFC 5070 section 3.1 is normative. 6.3.2 Incident class IETF RFC 5

41、070 section 3.2 is normative. 6.3.3 IncidentID class IETF RFC 5070 section 3.3 is normative. 6.3.4 AlternativeID class IETF RFC 5070 section 3.4 is normative. 6.3.5 RelatedActivity class IETF RFC 5070 section 3.5 is normative. 6.3.6 AdditionalData class IETF RFC 5070 section 3.6 is normative. 6.3.7

42、Contact class IETF RFC 5070 section 3.7 is normative. 4 Rec. ITU-T X.1541 (09/2012) 6.3.7.1 RegistryHandle class IETF RFC 5070 section 3.7.1 is normative. 6.3.7.2 PostalAddress class IETF RFC 5070 section 3.7.2 is normative. 6.3.7.3 Email class IETF RFC 5070 section 3.7.3 is normative. 6.3.7.4 Telep

43、hone and fax classes IETF RFC 5070 section 3.7.4 is normative. 6.3.8 Time classes IETF RFC 5070 section 3.8 is normative. 6.3.8.1 StartTime IETF RFC 5070 section 3.8.1 is normative. 6.3.8.2 EndTime IETF RFC 5070 section 3.8.2 is normative. 6.3.8.3 DetectTime IETF RFC 5070 section 3.8.3 is normative.

44、 6.3.8.4 ReportTime IETF RFC 5070 section 3.8.4 is normative. 6.3.8.5 DateTime IETF RFC 5070 section 3.8.5 is normative. 6.3.9 Method class IETF RFC 5070 section 3.9 is normative. 6.3.9.1 Reference class IETF RFC 5070 section 3.9.1 is normative. 6.3.10 Assessment class IETF RFC 5070 section 3.10 is

45、normative. 6.3.10.1 Impact class IETF RFC 5070 section 3.10.1 is normative. 6.3.10.2 TimeImpact class IETF RFC 5070 section 3.10.2 is normative. 6.3.10.3 MonetaryImpact class IETF RFC 5070 section 3.10.3 is normative. 6.3.10.4 Confidence class IETF RFC 5070 section 3.10.4 is normative. Rec. ITU-T X.

46、1541 (09/2012) 5 6.3.11 History class IETF RFC 5070 section 3.11 is normative. 6.3.11.1 HistoryItem class IETF RFC 5070 section 3.11.1 is normative. 6.3.12 EventData class IETF RFC 5070 section 3.12 is normative. 6.3.12.1 Relating the incident and EventData classes IETF RFC 5070 section 3.12.1 is no

47、rmative. 6.3.12.2 Cardinality of EventData IETF RFC 5070 section 3.12.2 is normative. 6.3.13 Expectation class IETF RFC 5070 section 3.13 is normative. 6.3.14 Flow class IETF RFC 5070 section 3.14 is normative. 6.3.15 System class IETF RFC 5070 section 3.15 is normative. 6.3.16 Node class IETF RFC 5

48、070 section 3.16 is normative. 6.3.16.1 Counter class IETF RFC 5070 section 3.16.1 is normative. 6.3.16.2 Address class IETF RFC 5070 section 3.16.2 is normative. 6.3.16.3 NodeRole class IETF RFC 5070 section 3.16.3 is normative. 6.3.17 Service class IETF RFC 5070 section 3.17 is normative. 6.3.17.1

49、 Application class IETF RFC 5070 section 3.17.1 is normative. 6.3.18 OperatingSystem class IETF RFC 5070 section 3.18 is normative. 6.3.19 Record class IETF RFC 5070 section 3.19 is normative. 6.3.19.1 RecordData class IETF RFC 5070 section 3.19.1 is normative. 6 Rec. ITU-T X.1541 (09/2012) 6.3.19.2 RecordPattern class IETF RFC 5070 section 3.19.2 is normative. 6.3.19.3 Re

下载提示：本站仅提供存储空间/不修改/不编辑

1.请仔细阅读文档，确保文档完整性，对于不预览、不比对内容而直接下载带来的问题本站不予受理。
2.下载的文档，不会出现我们的网址水印。
3、该文档所得收入（下载+内容+预览）归上传者、原创作者；如果您是本文档原作者，请点此认领！既往收益都归您。

同意并开始全文预览

文档包含非法信息？点此举报后获取现金奖励！

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

10000 积分 0人已下载

下载	加入VIP,交流精品资源

版权申诉 word格式文档无特别注明外均可编辑修改；预览文档经过压缩，下载后原文更清晰！ 立即下载

配套讲稿：: 如PPT文件的首页显示word图标，表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
特殊限制：: 部分文档作品中含有的国旗、国徽等图片，仅作为作品整体效果示例展示，禁止商用。设计者仅对作品中独创性部分享有著作权。
关键词：: ITUTX15412012INCIDENTOBJECTDESCRIPTIONEXCHANGEFORMATSTUDYGROUP17 事件对象描述交换格式 17 研究 PDF

麦多课文档分享所有资源均是用户自行上传分享，仅供网友学习交流，未经上传用户书面授权，请勿作他用。

关于本文

本文标题：ITU-T X 1541-2012 Incident object description exchange format (Study Group 17)《事件对象描述交换格式 17号研究组》.pdf
链接地址：http://www.mydoc123.com/p-804710.html