Difference between revisions of "Project Proposals/SRT"

From fd.io
Jump to: navigation, search
(Scope)
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
  
 
 
 
{{Project Facts
 
|name=srt
 
|shortname=srt
 
|jiraName=
 
|projectLead=
 
Andi Rowley
 
|committers=
 
 
* C.J. Collier
 
* Andi Rowley
 
 
}}
 
  
 
[[Category:Project Proposal]]
 
[[Category:Project Proposal]]
Line 23: Line 8:
  
 
== Project Contact Name and Email ==
 
== Project Contact Name and Email ==
Andi Rowley <andi.rowley@colliertech.org>
+
Andi Rowley <andi.rowley@c9h.org>
  
 
== Repository Name ==
 
== Repository Name ==
Line 54: Line 39:
  
 
== Scope ==
 
== Scope ==
<!-- Project scope.  The project scope should be well defined.  It should be possible from the scope to crisply answer whether something belongs or not within the scope of this particular project. Scopes should not be overly broad.  A Project scope must also lie within the overall scope set by the board for projects in fd.io:
 
    - IO
 
        – Hardware/vHardware <-> threads/cores
 
    - Processing
 
        - Classify
 
        - Transform
 
        - Prioritize
 
        - Forward
 
        - Terminate
 
    - Management Agents
 
        - Control/Manage IO/Processing
 
    - Supporting Projects
 
        - Testing/Tools/Infrastructure
 
        - Integration with other systems
 
  
CHAPTER ONE
+
The scope of this project includes
INTRODUCTION
+
Consideration of security in the System Development Life Cycle is essential to implementing and integrating a comprehensive strategy for managing risk for all information technology assets in an organization. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-64 is intended to assist federal government agencies to integrate essential security activities into their established system development life cycle guidelines.  -->
+
  
 
+
* Security aspects of SDLC
The scope of this project includes
+
* Development and maintenance of security response SOPs
*
+
* Development and Management of security policy documents
*
+
* NIST CPEs
  
 
== Initial Committers ==
 
== Initial Committers ==
Line 85: Line 54:
 
|C.J. Collier||cjcollier@linuxfoundation.org||cj||cjcollier
 
|C.J. Collier||cjcollier@linuxfoundation.org||cj||cjcollier
 
|-
 
|-
|Andi Rowley||andi.rowley@colliertech.org||human_||arowley
+
|Andi Rowley||andi.rowley@c9h.org||human_||arowley
 
|}
 
|}
  
Line 124: Line 93:
 
== Administrata ==
 
== Administrata ==
 
* Request for Project proposal consideration
 
* Request for Project proposal consideration
* Email:
+
** [https://lists.fd.io/pipermail/tsc/2016-July/000207.html Email ]
<!-->(place link to email to TSC proposing project, this can be obtained from [https://lists.fd.io/pipermail/tsc/ TSC Archives]-->
+
** Date: July 25th 2016
 
+
* Date: July 22nd 2016
+
  
 
== External links ==
 
== External links ==
Line 134: Line 101:
 
* https://nvd.nist.gov/cpe.cfm
 
* https://nvd.nist.gov/cpe.cfm
 
* https://web.nvd.nist.gov/view/vuln/search
 
* https://web.nvd.nist.gov/view/vuln/search
 +
* https://wiki.debian.org/Teams/Security

Latest revision as of 17:15, 13 August 2016


Name

Security Response Team

Project Contact Name and Email

Andi Rowley <andi.rowley@c9h.org>

Repository Name

srt

Description

Key security activities performed by the SRT include:

  • Conduct the risk assessment and use the results to supplement the base line security controls;
  • Analyze security requirements;
  • Perform functional and security testing;
  • Prepare initial documents for system certification and accreditation; and
  • Design security architecture.
  • Maintain CPE registrations with the NIST on behalf of all FD.io projects
  • Monitor National Vulnerability Database for issues which may apply to CPEs registered by FD.io


Scope

The scope of this project includes

  • Security aspects of SDLC
  • Development and maintenance of security response SOPs
  • Development and Management of security policy documents
  • NIST CPEs

Initial Committers

Name Email IRC nick LFID
C.J. Collier cjcollier@linuxfoundation.org cj cjcollier
Andi Rowley andi.rowley@c9h.org human_ arowley


Vendor Neutral

No issue regarding vendor neutrality.

Meets Board Policy (including IPR, being within Board defined Scope etc)

Meets board policy as expressed in Technical Community Charter and IP Policy

Administrata

  • Request for Project proposal consideration

External links