@techreport{schaad-sacm-architecture-00, number = {draft-schaad-sacm-architecture-00}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-schaad-sacm-architecture/00/}, author = {Jim Schaad and David Waltermire}, title = {{Prospective Architecture for SACM}}, pagetotal = 17, year = 2016, month = oct, day = 31, abstract = {This document describes the high level architecture for Security Automation and Continuous Monitoring (SACM). The architecture identifies the components that provide for the collection, storage, dissemination, and evaluation of posture information. This architecture also describes the interfaces and associated operations that define the interactions between these components. This information will inform future engineering work around identifying existing standards for collecting, storing, disseminating, and evaluating endpoint posture information. This architecture will also help in identifying standardization gaps that require new engineering effort. Security practitioners need to request, analyze, and aggregate posture information from disparate sources that use differing means to identify endpoints, hardware, software, and configurations. This task is made harder by the large number of different protocols and formats needed to bring together all of this information into a single view. This architecture provides a means to automatically gather posture data together for standardized dissemination to downstream components. This allows security practitioners that leverage this architecture to focus on managing security problems, not data.}, }