1 / 7

Telecommunication Requirements draft-zhuang-sacm-telereq-00

Telecommunication Requirements draft-zhuang-sacm-telereq-00. Xiaojun Zhuang <zhuangxiaojun@chinamobile.com>, Minpeng Qi <qiminpeng@chinamobile.com > (presenter) Judy Zhu <zhuhongru@chinamobile.com>. Outline. Problem statement New use cases for telecommunication equipment.

tamarr
Download Presentation

Telecommunication Requirements draft-zhuang-sacm-telereq-00

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Telecommunication Requirementsdraft-zhuang-sacm-telereq-00 XiaojunZhuang <zhuangxiaojun@chinamobile.com>, MinpengQi <qiminpeng@chinamobile.com> (presenter) JudyZhu <zhuhongru@chinamobile.com>

  2. Outline • Problem statement • New use cases for telecommunication equipment

  3. Problem statement • Current statement: • The use cases of SACM are only for enterprise in the endpoint, but the vast majority of them can be applied in the scene of telecommunications network. • Problem statement: • There are following problems for the safety assessment of telecommunications network equipment: • Telecommunication network equipments need more complex baseline setting. • Lack of process after that equipment security policy does not meet the security posture , and it needs remediation and triggering the new assessment.

  4. Security baseline Issue: For the same requirements, different vendors have different implementations, which cause different detailed security attributes. However, same requirement leads to same baseline. This scenario does not mentioned in use case draft. Common part Alt 1 Alt 2 Operator requirements Device A Device B Device C Vendor A’s implementation Device A Device A Device B Device B Vendor B’s implementation Device C Device C

  5. Remediation • In use case draft, it covers • Baseline settings • Assessment planning • Value collection • Evaluation • However, it lacks • Remediation • If evaluation shows there are mistakes on specific attributes, the details of when and how to recover to normal state. • Baseline settings • Value collection • Assessment planning • Evaluation • remediation

  6. New use cases for telecommunication equipment • Use case 1:security policy baseline setting • This use case describes the process of setting security policy baseline of the telecommunication equipment. • Use case 2: Security posture remediation • This use case describes the process of remedying security posture when the posture evaluation result of has not complied with the operators security policy.

  7. Thank you!

More Related