TUF - Secure Internet (ITS)

Description:

This solution is used within Australia, the E.U. and the U.S.. It combines standards associated with TUF with those for I-I: Secure Internet (ITS). The TUF standards include upper-layer standards required to install and update application software. The I-I: Secure Internet (ITS) standards include lower-layer standards that support secure communications between ITS equipment using X.509 or IEEE 1609.2 security certificates.

Comm Profile: I-I: Secure Internet (ITS)

Level	Doc #	Standard	Description
Access		Internet Subnet Alternatives	A set of alternative standards that includes any Subnet Layer method of connecting to the Internet.
Mgmt		Bundle: SNMPv3 MIB	A bundle of standards (RFCs) that groups the common management information bases (MIBs) used to manage IP networks at the transport layer and below using SNMPv3.
Security		Secure Session Alternatives	A set of alternative standards that identifies standards that are used to establish and maintain secure Internet sessions. If an information exchange does not require encryption, the (D)TLS session can negotiate NULL encryption. NOTE: If TCP is selected in the TransNet Layer, one of the TLS alternatives must be selected from this alternative set; if UDP is selected in the TransNet Layer, one of the DTLS alternatives must be selected from this alternative set.
TransNet		Internet Transport Alternatives	A set of alternative standards that identifies the two major options for the transport layer for mainstream IP-based deployments.
TransNet		IP Alternatives	A set of alternative standards that allows for the selection of IPv4 or IPv6.

Data Profile: TUF

Level	Doc #	Standard	Description
Facilities	TUF	The Update Framework	The Update Framework (TUF) specification helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.
ITS Application Entity	No Standard Needed	Not Needed	The services related to this portion of the stack are not critical within the scope of this solution.
Security	TUF	The Update Framework	The Update Framework (TUF) specification helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system.

Readiness Description:

One significant or possibly a couple minor issues. For existing deployments, the chosen solution likely has identified security or management issues not addressed by the communications solution. Deployers should consider additional security measures, such as communications link and physical security as part of these solutions. They should also review the management issues to see if they are relevant to their deployment and would require mitigation. For new deployments, the deployment efforts should consider a path to addressing these issues as a part of their design activities. The solution does not by itself provide a fully secure implementation without additional work.