This document describes the functional requirements of a Security Management System (SMS) that
offers a centralized view for control and security oversight of a Telecommunications Service
Provider's (TSP's) infrastructure. The SMS spans the management of the Management Security
Plane, the Control Security Plane, and the End-User Security Plane. The TSP's infrastructure spans,
at a minimum:
• Application servers (e.g., servers for mail, instant messaging, database, web, file, Voice over
IP (VoIP) and other applications);
• Support servers (e.g., DNS [b-IETF RFC 2181], DHCP [b-IETF RFC 2131], NTP [b-IETF
RFC 1305], backup, and other infrastructure support services);
• Internetworking/transport components (e.g., multiplexers, switches, routers, transport
gateways, application gateways, gateway controllers, packet-filters a.k.a. firewalls, content
filters, access points, bridges, wired and wireless telephony devices, and monitoring probes
for QoS and network activity, to name a few);
• End-user host systems (e.g., laptop systems, desktop systems, workstations, printers);
and
• Management systems (e.g., element management, network management, service
management, and business management systems).
All of the above entities are referred to in this document as Managed Elements (MEs) from a
security management perspective.
The requirements specified in this document should be applicable to a TSP’s current infrastructure
and also infrastructure evolution necessary for building their Next Generation Networks (NGNs)
(see [ITU-T Y.2001] and [ITU-T Y.2012]).
This Recommendation draws on an ATIS standard [ATIS 0300074.2006] as a major source of
information and text.
A key aspect of this Recommendation is that it defines a logical architecture and set of functionality
independent of physical implementation. Functionality is defined in terms of Functional Entities
(FEs), their logical relationships, and the aggregation of FEs into Functional
Groups (FGs). Deployment and implementation of these FEs and FGs, within an infrastructure, can
take many forms, such as centralized, hierarchical, distributed, or some combination of these. This
Recommendation takes no stand as to implementation of FEs and FGs insofar as implementation
decisions do not have security-related ramifications. The interactions between FGs are not
described in detail in this specification.
Annex A contains a normative Proforma wherein specific SMS requirements are documented.
Appendices I, II and III are informative and cover:
Appendix I: The relationship between the SMS and the security concepts covered in [ITU-T
X.800].
Appendix II: The relationship between the SMS and other TSP Management systems and
frameworks.
Appendix III: The structure and organization of NGN networks and their growing complexity.