
2011.02.25

NIST IR-7756, Draft An Enterprise Continuous Monitoring Technical Reference Architecture

 Hello, this is Mitsuhiko Maruyama (丸山満彦). Continuous Audit, Continuous Monitoring, data auditing and data analysis have been hot topics lately, and NIST has now published a draft of CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture.

 
■NIST IRs

=====
DRAFT CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture

NIST announces the public comment release of draft Interagency Report (IR) 7756, CAESARS Framework Extension: An Enterprise Continuous Monitoring Technical Reference Architecture. This publication presents an enterprise continuous monitoring technical reference architecture that extends the framework provided by the Department of Homeland Security’s CAESARS architecture. The goal is to facilitate enterprise continuous monitoring by presenting a reference architecture that enables organizations to aggregate collected data from across a diverse set of security tools, analyze that data, perform scoring, enable user queries, and provide overall situational awareness. The architecture design is focused on enabling organizations to realize this capability by leveraging their existing security tools and thus avoiding complicated and resource intensive custom tool integration efforts.
=====

Draft-nistir-7756_feb2011.pdf


=====
1. Introduction and Document Overview
 1.1 Introduction
 1.2 Document Overview
2. Defining and Scoping Continuous Security Monitoring
 2.1 Definitions
 2.2 Scoping and External System Interfaces
3. Enterprise Architecture View for Continuous Monitoring
4. Foundational Work

 4.1 Overview of the CAESARS Reference Architecture
  4.1.1 Sensor Subsystem
  4.1.2 Database Subsystem
  4.1.3 Analysis/Risk Scoring Subsystem
  4.1.4 Presentation/Reporting Subsystem
 4.2 Limitations of the CAESARS Reference Architecture
  4.2.1 Lack of Interface Specifications
  4.2.2 Reliance on an Enterprise Service Bus
  4.2.3 Incomplete Communication Payload Specifications
  4.2.4 Lack of Specifications Describing Subsystem Capabilities
  4.2.5 Lack of a Multi-CM Instance Capability
  4.2.6 Lack of Multi-Subsystem Instance Capability
  4.2.7 CM Database Integration with Security Baseline Content
  4.2.8 Lack of Detail on the Required Asset Inventory
  4.2.9 Requirement for Risk Measurement
5. CAESARS Framework Extension
 5.1 Variations on the CAESARS Architecture
 5.2 Subsystem Overview

  5.2.1 Presentation/Reporting Subsystem
  5.2.2 Analysis/Scoring Subsystem
  5.2.3 Data Aggregation Subsystem
  5.2.4 Collection Subsystem
  5.2.5 Content Subsystem
  5.2.6 Task Manager Subsystem
  5.2.7 Situational Awareness Capability
 5.3 Subsystem Interface Overview
 5.4 Multi-tier Capability

6. Use Cases and Related Workflows
7. Future Work

Appendix A—Acronyms
Appendix B—Use Case and Workflow Specifications
 B1. Data Acquisition and Analysis
 B2. Inter-tier Reporting
 B3. Intra-instance Query
 B4. Intra-instance Dynamic Query
 B5. Inter-tier Dynamic Query
=====
