Cybersecurity identification and discovery

Different cybersecurity organizations are implementing common cybersecurity protocols for the capture and exchange of system state, vulnerability, incident forensics, and incident heuristics information in operational applications and as specified in this Recommendation. As this information is becoming available from many different sources, implementers should harmonize how they identify cybersecurity organizations, trust and information exchange policies, and the information itself that is exchanged or distributed.

Any globally unique identifier used for global cybersecurity information exchange must necessarily have the following characteristics:

  • simplicity, usability, flexibility, extensibility, scalability, and deployability;
  • distributed management of diverse identifier schemes;
  • long-term reliability of identifier registrars, and the availability of high-performance tools for discovering information associated with any given identifier.

Common Cybersecurity Identifier (CCI)

Cybersecurity information exchange protocols can be used by anyone, anywhere, at any time, so there is no way to control their use. However, cybersecurity communities may share common interests regarding cybersecurity identifiers and their creation, administration, discovery, verification, and use. Some of those interests include:

  • Enhance the value of the cybersecurity information by enabling widespread exchange of the related event information and analysis of events over long periods of time
  • Enhance the security of cybersecurity information exchanges by enabling identifier information to be obtained for verification and the related policies to be known
  • Enhance the flexibility of cybersecurity information exchanges by enabling new or additional information associated with the message to be obtained, e.g., information status

Rec. ITU-T X.cybex.1 (document not available), Guidelines for Administering the OID arc for cybersecurity information exchange. A common global cybersecurity identifier namespace for these purposes is described in Rec. ITU-T X.cybex.1, together with administrative requirements, as part of a coherent OID arc, and includes:

  • Cybersecurity information identifiers
  • Cybersecurity organization identifiers
  • Cybersecurity policy identifiers

Discovery

Rec. ITU-T X.cybex-disc, Discovery Mechanisms in the Exchange of Cybersecurity Information. This Recommendation provides methods and mechanisms that can be used to identify and locate sources of cybersecurity information, types of cybersecurity information, specific instances of cybersecurity information, and methods available for accessing cybersecurity information, as well as policies that may apply to that access.

CYBEX Framework

The following text has been taken verbatim from ITU-T TD 0503 Rev.1, Proposed initial draft text for Rec. ITU-T X.cybex, Cybersecurity information exchange framework. Linked documents and links to other materials are not present in the original document but have been added for your convenience. The text below is only an excerpt from the full text; section numbering is retained as in the original document.