Transitioning TNC Specs to SACM
History of TCG and IETF
NEA
• Begun in 2006, brought TNC specs to IETF
• Specs were rewritten
• Framework to enable standards-based exchange of endpoint posture information with a central server
  – Evaluation of endpoint health
• Largely comply-to-connect focused
NEA Architecture (figure)
NEA Client: Posture Collectors, Posture Broker Client, Posture Transport Client
NEA Server: Posture Validators, Posture Broker Server, Posture Transport Server
Interfaces: PA (Posture Collectors to Posture Validators), PB (Posture Broker Client to Posture Broker Server), PT (Posture Transport Client to Posture Transport Server)
How Newer TNC Specs Can Help
IF-IMC and IF-IMV (figure)
Same NEA architecture as above (NEA Client: Posture Collectors, Posture Broker Client, Posture Transport Client; NEA Server: Posture Validators, Posture Broker Server, Posture Transport Server; interfaces PA, PB, PT), with two TNC interfaces added:
IF-IMC: between the Posture Collectors and the Posture Broker Client, inside the NEA Client
IF-IMV: between the Posture Validators and the Posture Broker Server, inside the NEA Server
• IF-IMC: standardizes how collectors are registered and communicated with
  – PB Client can find and load new collectors
  – PB Client can provide information to collectors so they can change their behavior
• IF-IMV: standardizes how verifiers are registered and communicated with
  – PB Server can find and load new verifiers
  – PB Server can provide information to verifiers so they can change their behavior
SWID Message and Attributes for IF-M (figure)
Same NEA architecture with IF-IMC and IF-IMV as above; the SWID Message for IF-M is carried over PA, between the Posture Collectors on the NEA Client and the Posture Validators on the NEA Server
SWID Message and Attributes for IF-M
• Allows a client to report inventories and deltas of SWID tags to a server, allows establishing subscriptions to monitor aspects of the SWID tag inventory, and allows the server to query SWID tag state
  – Enables exchange of SWID tags between client and server, in order to:
    ● determine endpoint access
    ● maintain a repository of posture information
  – Detects updates to the SWID tag repository on the client machine and updates the server
Endpoint Compliance Profile (figure)
Same NEA architecture with IF-IMC, IF-IMV and the SWID Message for IF-M as above, plus a CMDB attached to the NEA Server
Endpoint Compliance Profile
• Puts these specifications together for:
  – Compliance checking
  – Data storage
  – Remediation
IF-MAP (figure)
A MAP (Metadata Access Point) in the center; connected to it over IF-MAP: Sensors, Admin Clients, Enforcers, CMDB, NEA Server
IF-MAP & Metadata
• Security automation
  – Publish & subscribe interface
  – Coordination between network & security components
• Base spec
  – IF-MAP Binding for SOAP
  – MAP Content Authorization
• Metadata specs
  – IF-MAP Metadata for Network Security
  – IF-MAP Metadata for ICS Security
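The publish & subscribe coordination described above, as an added example that is not code from the slides or from any TCG IF-MAP implementation. It models the IF-MAP graph of identifiers, links and metadata in plain Python and leaves out the SOAP binding, sessions and MAP Content Authorization. The identifier and metadata type names (device, ip-address, mac-address, device-ip, ip-mac, event) follow the IF-MAP Metadata for Network Security vocabulary; the class and method names, and the sensor, CMDB and NEA Server publishes in the scenario, are this example's own construction.

```python
"""Simplified model of an IF-MAP metadata access point (MAP) with publish/subscribe.

Added example (not from the slides or any TCG implementation). Assumptions:
no SOAP binding, no sessions, no MAP Content Authorization; every client may
publish anything. Identifier and metadata names follow IF-MAP Metadata for
Network Security; class and method names are this example's own.
"""
from collections import defaultdict
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

Identifier = Tuple[str, str]            # (type, value), e.g. ("ip-address", "10.0.0.5")
Graph = Dict[Identifier, List[dict]]    # identifier -> metadata attached to it


class MapServer:
    def __init__(self) -> None:
        self.node_meta: Dict[Identifier, List[dict]] = defaultdict(list)
        self.link_meta: Dict[FrozenSet[Identifier], List[dict]] = defaultdict(list)
        self.subs: List[Tuple[Identifier, int, Callable[[Graph], None]]] = []

    def publish(self, meta: dict, a: Identifier, b: Optional[Identifier] = None) -> None:
        """Attach metadata to identifier a, or to the link a--b, then fan out to subscribers."""
        if b is None:
            self.node_meta[a].append(meta)
        else:
            self.link_meta[frozenset((a, b))].append(meta)
        self._notify(a, b)

    def neighbours(self, ident: Identifier) -> Set[Identifier]:
        """Identifiers linked to ident by at least one piece of link metadata."""
        return {other for pair in self.link_meta if ident in pair for other in pair if other != ident}

    def search(self, start: Identifier, max_depth: int) -> Graph:
        """Breadth-first walk of the subgraph within max_depth links of start (an IF-MAP search)."""
        seen, frontier, result = {start}, [start], {}
        for _ in range(max_depth + 1):
            nxt = []
            for ident in frontier:
                result[ident] = list(self.node_meta.get(ident, []))
                for nb in self.neighbours(ident):
                    if nb not in seen:
                        seen.add(nb)
                        nxt.append(nb)
            frontier = nxt
            if not frontier:
                break
        return result

    def subscribe(self, start: Identifier, max_depth: int, callback: Callable[[Graph], None]) -> None:
        """Re-deliver the search result whenever a publish touches that subgraph."""
        self.subs.append((start, max_depth, callback))

    def _notify(self, a: Identifier, b: Optional[Identifier]) -> None:
        for start, depth, callback in self.subs:
            graph = self.search(start, depth)
            if a in graph or b in graph:
                callback(graph)


def run_scenario() -> List[Graph]:
    """Constructed scenario: CMDB, DHCP sensor and NEA Server publish; an enforcer subscribes."""
    mapsrv = MapServer()
    dev = ("device", "laptop-42")                      # constructed identifiers
    ip = ("ip-address", "10.0.0.5")
    mac = ("mac-address", "00:11:22:33:44:55")
    delivered: List[Graph] = []                        # each notification the enforcer receives
    mapsrv.subscribe(dev, max_depth=2, callback=delivered.append)
    mapsrv.publish({"type": "device-ip", "publisher": "cmdb"}, dev, ip)          # CMDB: device owns IP
    mapsrv.publish({"type": "ip-mac", "publisher": "dhcp-sensor"}, ip, mac)      # sensor: IP seen at MAC
    mapsrv.publish({"type": "event", "name": "posture-failed",
                    "publisher": "nea-server"}, ip)                              # NEA Server: posture event
    return delivered


if __name__ == "__main__":
    for i, graph in enumerate(run_scenario(), 1):
        print(f"notification {i}: {sorted(graph)}")
```

The enforcer subscribed to the device never talks to the DHCP sensor or the NEA Server directly; it sees the posture-failed event because the MAP joins device, IP and MAC into one subgraph. The model accepts every publish, which is exactly why the base spec pairs the SOAP binding with MAP Content Authorization: without it, any client that can reach the MAP could publish an event or ip-mac link that drives an enforcer's decision.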
Applicability to the Vulnerability Assessment Scenario
Pre-collection of Endpoint Software Inventory Information (figure)
Endpoint -> Compliance Server: report over PT-TLS
Compliance Server -> Data Repository: store
Evaluators Query the Data Store (figure)
Evaluators -> Data Repository: query
Data Repository -> Evaluators: response
(Endpoint and Compliance Server shown as before)
Evaluator Requests Additional Information (figure)
Evaluators -> Data Repository: query / response
Evaluators -> Compliance Server -> Endpoint: request / response
Compliance Server -> Data Repository: store
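The SWID inventory and delta reporting described under "SWID Message and Attributes for IF-M" and the three steps of the vulnerability assessment scenario (pre-collection, evaluator query, request for additional information), as one added example that is not code from the slides or from any TCG or IETF implementation. The message dictionaries are this example's own simplification rather than the SWID Message and Attributes for IF-M encoding; PT-TLS is replaced by direct method calls; the tag names, versions, endpoint identifiers, timestamps and the maximum record age are constructed.

```python
"""Endpoint SWID inventory reporting, storage and evaluation, modelled in plain Python.

Added example (not from the slides or any implementation). Assumptions: message
dicts stand in for the SWID Message for IF-M; direct calls stand in for PT-TLS;
all tags, endpoint ids and times are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class SwidTag:
    tag_id: str      # SWID tagId
    name: str        # product name
    version: str


class Endpoint:
    def __init__(self, endpoint_id: str, tags: Set[SwidTag]) -> None:
        self.endpoint_id = endpoint_id
        self.tags = set(tags)
        self.reported: Set[SwidTag] = set()     # what the server last saw

    def inventory_message(self) -> dict:
        """Full inventory report."""
        self.reported = set(self.tags)
        return {"type": "inventory", "endpoint": self.endpoint_id, "tags": set(self.tags)}

    def delta_message(self) -> dict:
        """Report only what changed in the local SWID tag repository since the last report."""
        added, removed = self.tags - self.reported, self.reported - self.tags
        self.reported = set(self.tags)
        return {"type": "delta", "endpoint": self.endpoint_id, "added": added, "removed": removed}

    def install(self, tag: SwidTag) -> None:
        self.tags.add(tag)

    def remove(self, tag: SwidTag) -> None:
        self.tags.discard(tag)


class ComplianceServer:
    """Endpoint compliance server together with its data repository."""

    def __init__(self) -> None:
        self.repo: Dict[str, dict] = {}           # endpoint id -> {"tags": set, "reported_at": int}
        self.endpoints: Dict[str, Endpoint] = {}  # endpoints it can reach (stands in for PT-TLS sessions)

    def register(self, ep: Endpoint) -> None:
        self.endpoints[ep.endpoint_id] = ep

    def store(self, msg: dict, now: int) -> None:
        """Apply an inventory or delta report to the repository record."""
        rec = self.repo.setdefault(msg["endpoint"], {"tags": set(), "reported_at": now})
        if msg["type"] == "inventory":
            rec["tags"] = set(msg["tags"])
        elif msg["type"] == "delta":
            rec["tags"] = (rec["tags"] - msg["removed"]) | msg["added"]
        else:
            raise ValueError(f"unknown message type {msg['type']!r}")
        rec["reported_at"] = now

    def request_inventory(self, endpoint_id: str, now: int) -> None:
        """Ask the endpoint for a fresh inventory and store it (evaluator's request for more information)."""
        self.store(self.endpoints[endpoint_id].inventory_message(), now)


def evaluate_versions(server: ComplianceServer, name: str, now: int,
                      max_age: int) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Evaluator: which version(s) of `name` does each endpoint have? Refresh records older than max_age."""
    found: Dict[str, Set[str]] = {}
    refreshed: List[str] = []
    for endpoint_id, rec in server.repo.items():
        if now - rec["reported_at"] > max_age:           # stale: do not trust the pre-collected data
            server.request_inventory(endpoint_id, now)
            refreshed.append(endpoint_id)
        versions = {t.version for t in rec["tags"] if t.name == name}
        if versions:
            found[endpoint_id] = versions
    return found, refreshed


def run_scenario() -> Tuple[Dict[str, Set[str]], List[str]]:
    """Constructed scenario: two endpoints, one delta report, one silent install, one evaluation."""
    old = SwidTag("tag-openssl-1.0.2", "openssl", "1.0.2")
    new = SwidTag("tag-openssl-1.1.1", "openssl", "1.1.1")
    bash = SwidTag("tag-bash-5.1", "bash", "5.1")
    ep1, ep2 = Endpoint("ep1", {old, bash}), Endpoint("ep2", {bash})
    srv = ComplianceServer()
    for ep in (ep1, ep2):
        srv.register(ep)
        srv.store(ep.inventory_message(), now=0)   # pre-collection over PT-TLS
    ep1.remove(old)
    ep1.install(new)
    srv.store(ep1.delta_message(), now=30)         # client detects the change and reports a delta
    ep2.install(old)                                # never reported: the repository is now wrong for ep2
    return evaluate_versions(srv, "openssl", now=40, max_age=25)


if __name__ == "__main__":
    print(run_scenario())
```

The evaluation finds openssl 1.1.1 on ep1 straight from the repository, but ep2's record is older than the allowed age, so the evaluator's request goes back to the endpoint and only then does the unreported openssl 1.0.2 install show up. Deltas keep the pre-collected store cheap to maintain; the age check is what keeps an evaluator from reasoning about an endpoint that stopped reporting.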