ISO/IEC 10164-7:1992

INTERNATIONAL
STANDARD
10164-7
First edi tion
‘1992-05-15
Information technology - Open Systems
Interconnection - Systems Management:
Security alarm reporting function
Technologies de I’information - Interconnexion de systemes ouverts -
Gestion-Systeme: Fonction de campte rendu d’alarme de s6curit6
--
- -
-_
--
-rz=
= Z
-.
= =
=
=
=
=
=
=
‘1
Z
r
=
I
f
2
1 =L
=
=
Reference number
= =
Z
E
-@z C
- -
-P-P -~--~-
----. - -. .-._ .--.-. _-- ---.~. ----- ---- -_ ISCM EC 10 164-7: 1992(E)

---------------------- Page: 1 ----------------------
XSO/IEC 10164-7 : 1992(E)
Conte& Page
. . .
111
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . .~.
iv
Introduction . . . . . . . . . . . . . .~.~.~.~.~~.~.~.~.~.~.~.
1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .*.*.*.
1 scope
2
..................................................................................................................................
2 Normative references
................................................................ 2
2.1 Identical CCITT Recommendations I International Standards
................... 2
2.2 Paired CCITT Recommendations I International Standards equivalent in technical content
3
2.3 AdditionaI references .
3
3 Definitions .
3
3.1 Basic reference model definitions .
3
3.2 Security architecture definitions .
3
......................................................................................................
3.3 Management framework definitions
3
...........................................................................................
3.4 Systems management overview definitions
4
......................................................................................
3.5 Event report management function definitions
4
.............................................................................................................
3.6 Service conventions definitions
4
......................................................................................................
3.7 OS1 conformance testing deftitions
4
3.8 AdditionaI definitions .
4
4 Abbreviations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
5 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
6 Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .*.
5
7 Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
.....................................................................................................................................
8 Generic definitions
............................................................................................................................. 5
8.1 Generic notifications
8
8.2 Managed Object .
8
8.3 Imported generic definitions .
8
...........................................................................................................................................
8.4 Compliance
8
9 Service definition .
8
9.1 Introduction .
8
............................................................................................................
9.2 Security alarm reporting Service
9
10 Functional units . . . . .*.**.*.
9
11 Protocol .
...................................................................................................................... 9
11.1 Elements of procedure
10
11.2 Abstract Syntax .
12
...............................................................
11.3 Negotiation of the security alarm reporting functional unit
12
12 Relationships with other functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
............................................................................................................................................
13 Conformance
12
..........................................................................................
13.1 General conformance class requirements
13
......................................................................................
13.2 Dependent conformance class requirements
0 ISO/IEC 1992
All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means,
electronie or mechanical, including photocopying and microfilm, without permission in writing f?om the
publisher.
ISO/IEC Copyright Office l Case postale 56 l CH-1211 Geneve l Switzerland
Printed in Switzerland
ii CCITT Rec. X.736 (1992)

---------------------- Page: 2 ----------------------
ISO/IEC 10164-7 : 1992(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International
Electrotechnical Commission) form the specialized System for worldwide
standardization. National bodies that are members of ISO or IEC participate in the
development of International Standards through technical committees established by
the respective organization to deal with particular fields of technical activity. ISO and
IEC technical committees collaborate in fields of mutual interest. Other international
organizations, govemmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
In the field of information technology, ISO and IEC have established a joint technical
committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical
committee are circulated to national bodies for voting. Publication as an International
Standard requires approval by at least 75% of the national bodies casting a vote.
International Standard ISO/IEC 10164-7 was prepared by the Joint Technical
Committee ISO/IEC JTC 1, Information technology, rn collaboration with the CCITT.
The identical text is published as CCITT Recommendation X.736.
ISO/IEC 10164 consists of the following parts, under the general title Infomzation
technology - Open Systems Interconnection - Systems Management:
-Part 1: Object managemen t function
-Part2: State management function
Attributes for representing relationships
-Part3:
-Part4: Alarm reporting finction
-Part5: Event report managemen t function
-Part6: Log controlfunction
-Part7: Security alarm reporting function
-Part8: Security audit trail function
-Part9: Objects and attributes for access control
-Part 10:
Accounting meter function
-Part 11: Workload monitoring ftrnction
-Part 12: Test munagement function
-Part 13: Summarization finction
-Part 14: Confidence and diannostic
test catenories
. . .
CCITT Rec. X.736 (1992) 111

---------------------- Page: 3 ----------------------
ISO/IEC 10164-7:1992(E)
Introduction
ISO/IEC 10164 is a multi art Standard developd according to ISO 7498 and
% 4 is related to the following International Standards
ISO/IEC 7498-4. ISO/IEC 101
Systems Interconnection -
- ISO/IEC 9595 : 1990, Infomzation tech2ology - Open
Common management information Service definltion;
ISO/IEC 9596 : 1990, Infomzation technology - Open Systems Interconnection -
Common management information protocol;
Open Systems Interconnection -
- ISO/IEC 10040 : 1992, Informa t-ion technology -
Systems management ovewiew;
techology - Open Systems Interconnection -
ISO/IEC 10165 : 1992, Information
Structure of management information.
iv CCITT Rec. X.736 (1992)

---------------------- Page: 4 ----------------------
ISO/IEC 10164-7 : 1992(E)
INTERNATIONAL STANDARD
CCXTT RECOMMENDATION
Information technology - Open Systems Interconnection -
Systems Management: Security alarm reporting function
1 Scope
This Recommendation I International Standard defines the security alarm reporting function. The security akum
reporting function is a Systems management function which may be used by an application process in a centralized or
decentralized management environment to exchange information for the purpose of Systems management, as defined
by CCITT Rec. X.700 I ISO/lEC 7498-4. This Recommendation I International Standard is positioned in the
application layer of CCITT Rec. X.200 I ISO 7498 and is defined according to the model provided by ISO/IEC 9545.
The role of Systems management functions is described by CCIIT Rec. X.701 I ISO/IEC 10040. The security alarm
notifications defined by this Systems management function provide information regarding operational condition and
quality of Service, pertaining to security.
Security-related events are of relevante to the Provision of security. The security policy determines the actions to be
undertaken whenever a security-related event has occured. The security policy may, for example, specify that a
security alarm report be generated, a record of the event be made in a security audit trail, a threshold counter be
incremented, the event be ignored, or a combination of these actions be taken. This Recommendation I International
Standard is only concemed with security alarm reporting.
This Recommendation I International Standard
- establishes user requirements for the Service definition needed to support the security alarm reporting
function;
defines the Service provided by the security alarm reporting function;
specifies the protocol that is necessary in Order to provide the Service;
defines the relationship between the Service and management notifications;
defines relationships with other Systems management functions;
specifies conformance requirements.
This Recommendation I International Standard does not
define the nature of any implementation intended to provide the security alarm reporting function;
- specify the manner in which management is accomplished by the user of the security alarm reporting
function;
- define the nature of any interactions which result in the use of the security alarm reporting function;
- specify the Services necessary for the establishment, normal and abnormal release of a management
association;
define any other notifications, defined by other Recommendations International Standards, which
maY
be of interest to a security administrator.
CCITT Rec. X.736 (1992) 1

---------------------- Page: 5 ----------------------
ISO/IECl0164-7:1992(E)
2 Normative references
The following CCITT Recommendations and International Standards contain provisions which, through reference in
this text, constitute provisions of this Recommendation I International Standard. At the time of publication, the editions
indicated were valid. All Recommendations and Standards are subject to revision, and Parties to agreements based on
this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent
editions of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently
valid International Standards. The CCITT Secretariat maintains a Iist of the currently valid CCITT Recommendations.
21 .
Identical CCITT Recommendations 1 International Standards
- CCITI’ Recommendation X.701 (1992) I ISO/IEC 10040 : 1992, Information technology - Open Systems
Interconnection - Systems management overview.
- CCITT Recommendation X.721 (1992) I ISO/IEC 10165-2 : 1992, Information technology - Open
Systems Interconnection - Structure of management information: Definition of management information.
- CCITT Recommendation X.722 (1992) I ISO/IEC 10165-4 : 1992, Information technology - Open
Guidelines for the definition of
Systems Interconnection - Structure of management information:
managed objects.
- CCITT Recommendation X.733 (1992) I ISO/IEC 10164-4 : 1992, Information technology - Open
Systems Interconnection - Systems Management: Alarm reporting jimction.
- CCITT Recommendation X.734’) I ISO/IEC 10164-5 : 1992, Information technology - Open Systems
Interconnection - Systems Management: Event report management function.
- CCIIT Recommendation X.735’) I ISO/IEC 10164-6 : 1992, Information technology - Open Systems
Interconnection - Systems Management: Log control function.
22 . Paired CCITT Recommendations 1 International Standards equivalent in technical content
- CCITT Recommendation X.200 (1988), Reference model of Open Systems Interconnection for CCIlT
applications.
Open Systems Interconnection - Basic Reference
ISO 7498 : 1984, Information processing systems -
Model.
- CCITT Recommendation X.208 (1988), Speciflcation of abstract syntax notation one (ASN.1).
ISO/IEC 8824 : 1990, Information technology - Open Systems Interconnection - Specification of
Abstract Syntax Notation One (ASN.1).
- CCITI’ Recommendation X.209 (1988), Specification of Basic Encoding Rules for abstract syntax
notation.
ISO/IEC 8825 : 1990, Information technology - Open Systems Interconnection - Specification of Basic
Encoding Rules for Abstract Syntax Notation One (ASN.1).
- CCITT Recommendation X.210 (1988), Open Systems Interconnection layer Service definition
conventions.
Open Systems In terconnection - Service
ISO/IR 8509 : 1987, Information processing systems -
conventions.
- CCITT Recommendation X.290 (1992), OSI confomzance testing metkodology and framework for
protocol Recommendations for CCITT applications - General concepts.
ISO/IEC 9646-1 : 1991, Information technology - Open Systems Interconnection - Confomzance testing
methodology and framework - Part 1: General concepts.
- CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for
CCITT applications.
ISO 7498-2 : 1988, Information processing systems - Open Systems Interconnection - Basic Reference
Model - Part 2: Security Architecture.
* ) Prtxntly at state of draft Recommendation.
2 WITT Rec. X.736 (1992)

---------------------- Page: 6 ----------------------
ISO/IEC 10164-7 : 1992(E)
- CCITI’ Recommendation X.7001), Management fiamework definition for Open Systems Interconnection
for CCITT applications.
ISO/IEC 7498-4 : 1989, Information processing systems - Open Systems Interconnection - Basic
Reference Model - Part 4: Management framework.
- CCITI’ Recommendation X.710 (1991), Common management information Service definition for CCYTT
applications.
ISO/DEC 9595 : 1991, Information technology - Open Systems Interconnection - Common management
information Service definition.
23 . Additional references
- ISO/IEC 9545 : 1989, Information technology - Open Systems Interconnection - Application Layer
structure.
3 Definitions
For the purposes of this Recommendation I International Standard, the following definitions apply.
31 . Basic reference model definitions
This Recommendation I International Standard makes use of the following term defined in CCITT Rec. X.200 I
ISO 7498:
open System
32 . Security architecture definitions
This Recommendation I International Standard makes use of the following terms defined in CCITT Rec. X.800 1
ISO 7498-2:
authentication;
a)
b) confidentiality;
integrity;
C)
d) non-repudiation;
security policy;
e)
security senke.
f)
33 . Management framework definitions
This Recommendation I International Standard makes use of the following term defined in CCITT Rec. X.700 I
ISO/IEC 7498-4:
managed Object
34 . Systems management overview definitions
This Recommendation I International Standard makes use of the following terms defined in CCITT Rec. X.701 I
ISO/IEC 10040:
agent role;
a)
b) dependent conformance;
c) general conformance;
d) manager role;
’ ) Presently at state of draft Recommendation.
CCITT Rec. X.736 (1992) 3

---------------------- Page: 7 ----------------------
ISO/IEC 10164-7 : 1992(E)
notification;
e)
Systems management functional unit.
0
35 . Event report management function definitions
This Recommendation I International Standard makes use of the following term defined in CCITT Rec. X.734 I
ISO/IEC 10164-5:
discriminator
36 . Service conventions definitions
This Recommendation I International Standard makes use of the following terms defined in CCITT Rec. X.210 I
ISO/TR 8509:
service-user;
a)
b) service-provider.
37 . OS1 conformance testing definitions
This Recommendation I International Standard makes use of the following term defined in CCITT Rec. X.290 I
ISO/IEC 9646- 1:
Statement
System conformance
38 . Additional definitions
3.8.1 security alarm: A security-related event that has been identified by a security policy as a potential breach of
security;
security-related event: An event which is considered to have relevante to security.
3.8.2
4 Abbreviations
ASN.l Abstract Syntax Notation One
CMIS Common Management Information Services
Conf Confirmation
Indication
Ind
MAPDU Management Application Protocol Data Unit
OS1 Open Systems Interconnection
Request
Req
Response
RsP
SMAPM Systems Management Application Protocol Machine
5 Conventions
This Recommendation I International Standard defines Services for the security alarm reporting function using the
descriptive conventions defined in CCITT Rec. X.210 I ISO/IR 8509. In clause 9, the definition of each Service
includes a table that lists the Parameters of its primitives. Fox a given primitive, the presence of each Parameter is
described by one of the following values
M the Parameter is mandatory
(=) the value of the Parameter is equal to the value of the Parameter in the column to the left
U the use of the Parameter is a Serviceuser Option
- the Parameter is not present in the interaction described by the primitive concemed
4 CCITT Rec. X.736 (1992)

---------------------- Page: 8 ----------------------
ISO/IEC 10164-7 : 1992(E)
C the Parameter is conditional. The condition(s) are defined by the text which describes the Parameter
P subject to the constraints imposed on the Parameter by CCITT Rec. X.710 I ISO/IEC 9595
NOTE! - The Parameters that are marked “P” in Table 2 of this Recommendation I International Standard are mapped
without changing the semantics or Syntax of the
directly onto the corresponding Parameters of the CMIS Service primitive,
Parameters. The remaining Parameters are used to construct an MAPDU.
6 Requirements
The security management user needs to be alerted whenever an event indicating an attack or potential attack on System
security has been detected. A security attack may be detected by a security Service, a security mechanism, or another
process.
A security alarm notification may be generated by either of the communicating end users, or by any intermediate
System or process between the end users. The security alarm report shall identify the Cause of the security alarm, the
Source of the detection of the security-related event, the appropriate end users, and of the perceived severity of any
misoperation, attack or breach of security, as specified by the security policy.
This Recommendation I Internatio
...