SACM Vulnerability Assessment Scenario

Document Type Expired Internet-Draft (sacm WG)
Authors Chris Coffin  , Brant Cheikes  , Charles Schmidt  , Daniel Haynes  , Jessica Fitzgerald-McKay  , David Waltermire 
Last updated 2017-03-13 (latest revision 2016-09-09)
Replaces draft-coffin-sacm-vuln-scenario
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state Submitted to IESG for Publication
Document shepherd Adam Montville
Shepherd write-up Show (last changed 2016-10-18)
IESG IESG state Expired (IESG: Dead)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Kathleen Moriarty
Send notices to "Adam Montville" <>

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes an automated enterprise vulnerability assessment scenario aligned with the SACM Use Cases. The scenario assumes the existence of endpoint management capabilities and begins with an enterprise ingesting vulnerability description information. Endpoints are assessed against the vulnerability description information based on a combination of examining known endpoint characterization information and collected endpoint information.


Chris Coffin (
Brant Cheikes (
Charles Schmidt (
Daniel Haynes (
Jessica Fitzgerald-McKay (
David Waltermire (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)