Opened 5 years ago

#4 new defect

use-cases-07 - 4 - need security & privacy considerations

Reported by: llorenzin@…
Owned by: david.waltermire@…
Priority: blocker
Milestone:
Component: use-cases
Version:
Severity: Waiting for Shepherd Writeup
Keywords:
Cc:

Description

From AD review -

Security & Privacy considerations
Are these covered in the requirements and architecture draft? If so, you'll need to add a pointer as that being the appropriate location.

Access, collection, and storage of posture information has security implications that will need to be discussed. The types of attacks that are possible with this data should be included. Then, privacy risks will need to be discussed, especially if you have system owner and user information that can be accessed on end point assessments. If end point assessments are able to gather information on host behavior (described in a use case - what apps are on a system and *if history can be gathered to profile a user*), it will be really important to include this before it gets to the IESG review.

A pointer to this in another draft is probably preferred since this is information and may be a better fit within the draft with requirements.

The privacy RFC to review to gather ideas on current concerns in this space is RFC6973. It's a good and helpful read.

Change History (0)
