[cabf_netsec] Logical Security Requirements for Networks

[Ben Wilson]

Today in our Document Restructuring group call we reviewed Ballot 32
(Elimination of Zones). As I mentioned on our group call last Thursday, I
am going to let Ballot 32 die, and then we'll reintroduce a new one with
better requirements for logical security for modern networks and
cloud-based solutions that layers on to what we already have in areas of
authentication, auditing, testing, etc.

However, in order to do a good job re-writing the ballot, we need
contributions from our/your collective braintrusts. Can each of you ask
someone in your organization to help you formulate some new requirements
for logical network security to replace the older ones? Namely, we'd like
to come up with some requirements applicable to CA environments, which
obviously require higher/better security than ordinary systems. We can use
this thread to review what we already have in the NCSSRs and to collect our
thoughts.

Also, is there anything we can learn from the Cloud Security Alliance -
https://cloudsecurityalliance.org/ or some other source?

Do we think we can write requirements that simultaneously cover traditional
CA environments and cloud-based environments?

Thanks,

Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20200727/2774e3e3/attachment.html>