Difference between revisions of "Project Proposals/SRT"
From fd.io
(→Description) |
|||
(15 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
[[Category:Project Proposal]] | [[Category:Project Proposal]] | ||
Line 23: | Line 8: | ||
== Project Contact Name and Email == | == Project Contact Name and Email == | ||
− | < | + | Andi Rowley <andi.rowley@c9h.org> |
== Repository Name == | == Repository Name == | ||
Line 36: | Line 21: | ||
Key security activities performed by the SRT include: | Key security activities performed by the SRT include: | ||
− | + | * Conduct the risk assessment and use the results to supplement the base line security controls; | |
− | line security controls; | + | |
− | + | * Analyze security requirements; | |
− | + | * Perform functional and security testing; | |
− | + | * Prepare initial documents for system certification and accreditation; and | |
− | + | * Design security architecture. | |
+ | |||
+ | * Maintain CPE registrations with the NIST on behalf of all FD.io projects | ||
+ | |||
+ | * Monitor National Vulnerability Database for issues which may apply to CPEs registered by FD.io | ||
<!-->Although this section presents the information security components in a sequential top-down manner, the order of completion is not necessarily fixed. Security analysis of complex systems will need to be iterated until consistency and completeness is achieved. | <!-->Although this section presents the information security components in a sequential top-down manner, the order of completion is not necessarily fixed. Security analysis of complex systems will need to be iterated until consistency and completeness is achieved. | ||
Line 51: | Line 39: | ||
== Scope == | == Scope == | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | The scope of this project includes | |
− | + | ||
− | + | ||
− | + | * Security aspects of SDLC | |
− | + | * Development and maintenance of security response SOPs | |
− | + | * Development and Management of security policy documents | |
− | + | * NIST CPEs | |
== Initial Committers == | == Initial Committers == | ||
+ | |||
+ | {| | ||
+ | !Name!!Email!!IRC nick!!LFID | ||
+ | |- | ||
+ | |C.J. Collier||cjcollier@linuxfoundation.org||cj||cjcollier | ||
+ | |- | ||
+ | |Andi Rowley||andi.rowley@c9h.org||human_||arowley | ||
+ | |} | ||
+ | |||
<!-- A list of the name/email/IRC nick of the initial project committers | <!-- A list of the name/email/IRC nick of the initial project committers | ||
Line 112: | Line 93: | ||
== Administrata == | == Administrata == | ||
* Request for Project proposal consideration | * Request for Project proposal consideration | ||
− | * | + | ** [https://lists.fd.io/pipermail/tsc/2016-July/000207.html Email ] |
− | + | ** Date: July 25th 2016 | |
− | + | ||
− | * Date: July | + | |
− | + | == External links == | |
− | http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-64r2.pdf | + | * http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-64r2.pdf |
+ | * https://nvd.nist.gov/cpe.cfm | ||
+ | * https://web.nvd.nist.gov/view/vuln/search | ||
+ | * https://wiki.debian.org/Teams/Security |
Latest revision as of 17:15, 13 August 2016
Contents
Name
Security Response Team
Project Contact Name and Email
Andi Rowley <andi.rowley@c9h.org>
Repository Name
srt
Description
Key security activities performed by the SRT include:
- Conduct the risk assessment and use the results to supplement the base line security controls;
- Analyze security requirements;
- Perform functional and security testing;
- Prepare initial documents for system certification and accreditation; and
- Design security architecture.
- Maintain CPE registrations with the NIST on behalf of all FD.io projects
- Monitor National Vulnerability Database for issues which may apply to CPEs registered by FD.io
Scope
The scope of this project includes
- Security aspects of SDLC
- Development and maintenance of security response SOPs
- Development and Management of security policy documents
- NIST CPEs
Initial Committers
Name | IRC nick | LFID | |
---|---|---|---|
C.J. Collier | cjcollier@linuxfoundation.org | cj | cjcollier |
Andi Rowley | andi.rowley@c9h.org | human_ | arowley |
Vendor Neutral
No issue regarding vendor neutrality.
Meets Board Policy (including IPR, being within Board defined Scope etc)
Meets board policy as expressed in Technical Community Charter and IP Policy
Administrata
- Request for Project proposal consideration
- Date: July 25th 2016