Network Working Group                                       J. Arvidsson
Request for Comments: 3067                                    Telia CERT
Category: Informational                                       A. Cormack
                                                              JANET-CERT
                                                            Y. Demchenko
                                                                  TERENA
                                                               J. Meijer
                                                                 SURFnet
                                                           February 2001


 TERENA's Incident Object Description and Exchange Format Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   The purpose of the Incident Object Description and Exchange Format is
   to define a common data format for the description, archiving and
   exchange of information about incidents between CSIRTs (Computer
   Security Incident Response Teams) (including alert, incident in
   investigation, archiving, statistics, reporting, etc.).  This
   document describes the high-level requirements for such a description
   and exchange format, including the reasons for those requirements.
   Examples are used to illustrate the requirements where necessary.

1. Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [1].












Arvidsson, et al.            Informational