7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

1/14

www.isalliance.org

Application of SCAP to SecureUnified Communications

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

2/14

www.isalliance.org

The ISAlliance Board

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

3/14

www.isalliance.org

VoIP Project Leadership

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

4/14

www.isalliance.org

Government Participants

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

5/14

www.isalliance.org

Industry Participants

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

6/14

www.isalliance.org

The Need

Concerns of:

Vendors

CarriersEnterprises

Vulnerability Management

Secure Patching Secure Configuration

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

7/14

www.isalliance.org

The SCAP Challenge

SCAP Today Federal Desktop Core

Configuration (FDCC)

One Vendor Just Workstations

SCAP Tomorrow

Set ConfigurationMore ApplicationsMore VendorsMore ToolsMore Endpoints

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

8/14

www.isalliance.org

ISAlliance Unified Communications

Program Proposal & Status

Snapshot

ToleadandinfluencethedevelopmentofindustrybasedSCAPchecklistsforVoiceandVoIPSecurity

forGovernment,CricalInfrastructureandEnterprises(approvedFeb2008ISAllianceBoDMee9ng)

VoIPSecurityImplementaonandAssuranceWorkshopheld@NISTaspartofthe4th

Informa,onSecurityAutoma,onConference,(complete,Sept22nd--23rd,2008)

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

9/14

www.isalliance.org

ISAlliance Unified

Communications Program Outcomeof2008workshopneed

wasidenfiedto: AccesstheapplicabilityofSCAPto

VoIP

EnumeratestandardstodevelopSCAPcontent

PhaseIwhitepaperdueendof200 Applica'onofSCAPtoSecure

UnifiedCommunica'ons

PhaseIIproposed

ProsaicChecklist

BusinessCase(RoIAnalysis)ontheuseofSCAPtechnologybyEnterprises

CricaltohaveUCVendorandSCAPToolsVendorParcipaon

Services

Networks

Devic

es

UC Network

Services

Networks

Devic

es

UC Network

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

10/14

www.isalliance.orgwww.isalliance.org

Baseline Standards

Process

Scope

Architecture

Review

StandardsDefine

Baseline

RecommendedSecurity

Controls

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

11/14

www.isalliance.org

Applicability Workgroup

Approach

Scope

Architecture

TRA(Threat Risk Assessment)

Security

Controls

Applicabilityof SCAP

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

12/14

www.isalliance.orgwww.isalliance.org

The White Paper

Please email bfoer@isalliance.org

To be placed on the distribution list fora free copy ofApplication of SCAPto Secure

Unified Communications.

Available end of 2009

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

13/14

www.isalliance.org

Backup

7/31/2019 2009 00 00 Barry Foer VoIP SCAP Applicability Presentation for NIST

14/14

www.isalliance.org

The Unified Communication Challenge

Services

UC Network