Posture Attribute Collection and Evaluation

Posture Attribute Collection and Evaluation (PACE) Prototype

Overview

Posture Attribute Collection and Evaluation (PACE) is an Open Cybersecurity Alliance (OCA) project. Posture assessment generally consists of understanding, for a given computing resource (or set of computing resources), its software load, the composition of that software load, patch levels, vulnerabilities (implied to be software vulnerabilities), and configuration state. Together, these attributes of a computing resource represent its cybersecurity posture. PACE will leverage and/or contribute to the OCA Ontology, and will use OpenC2 for command and control. PACE will be an instantiation of the IETF Security Automation and Continuous Monitoring (SACM) group’s architecture.

Initially, the project intends to focus on building the pipes and connectors between components, leveraging existing payload formats such as SCAP/OVAL and SBOM. Later phases of the project may consider extending the supported payload formats to include other types (e.g. NETCONF/RESTCONF, InSpec, Puppet, Ansible).

Status

As of October 2021, the PACE prototyping effort is focused on implementing a version of the Security Automation and Continuous Monitoring (SACM) architecture documented in this Internet Draft (expires January 2022). The draft focuses on capabilities for collection and evaluation of "security posture attributes", and uses RFC 7632, Endpoint Security Posture Assessment: Enterprise Use Cases, as a reference. Current PACE efforts are prototyping posture attribute collection using open source tools such as osquery and nmap, using OpenC2 to control collection activities. An OpenC2 Actuator Profile (AP) for Security Posture Attribute Collection is an anticipated product of this work.

A Security Posture website has been created to capture PACE use cases and operating scenarios. Contributors are encouraged to review the Security Posture By Example pages and both enhance existing descriptions and add new use cases for consideration by the PACE project.

Join Us

PACE holds monthly meetings via Zoom on the second Monday of each month from 1:00-1:45 pm Eastern Time. Meeting information can be found on the PACE calendar.
(Updated 3 October 2022)

Documentation

Documentation related to PACE prototyping is maintained in the OCA PACE GitHub repository. The following documents help to illustrate SACM concepts, their connection to OpenC2, and the initial direction of the PACE prototyping effort, along with possible future use cases that could be implemented.

Information contained in the OCA documentation repository may also be helpful.

The PACE prototyping work will likely also include the retrieval of Software Bill of Materials (SBOM) objects that play a role in various cybersecurity scenarios, such as this vision for a Comply to Connect implementation captured for a previous OpenC2 plugfest.

The PACE prototyping effort is a conceptual successor to prototyping previously done related to the Security Content Automation Protocol, v2.

See Frequently Asked Questions for more information about PACE.