ESR; Resources to be protected

[heimannrj]

Is this section too specific and at risk of being too narrowly interpreted in the future? Some of the items listed appear to be examples of higher level concepts. Consider consolidating the current list into something higher level that can encompass new technologies and considerations over the long term. From this:

• Any network-facing management interfaces, including traffic to and from the SDN Controller,
• and any critical data (e.g., audit data).
• SDN Controller software/firmware.
• Data stored locally by the SDN Controller (e.g. Policy, flow control, etc.).
• Configuration and reboot data, including any policy made part of the boot configuration.
• Authentication credentials such as keys and passwords.
• Northbound, Southbound and East/West channels/connections.
• Any stored updates intended for SDN Devices.
• SDN switch configuration and reboot data stored in the SDN Controller.
• Traffic/packet statistics.
• Audit information.

To this:

• Any network-facing management interfaces, including traffic to and from the device, including any critical data (e.g., audit data).
• Sensitive data stored locally
• Sensitive data in transit
• Updates to the device.
• Authentication credentials such as keys and passwords.

[hubertdcruze]

Thank you for your suggestions. It makes sense. Here are some of my thoughts as well. The key resources associated with SDN controllers that need to be protected:

1. Control plane communications
2. Network configuration data
3. Authentication credentials
4. Software and firmware
5. Data stored locally and in transit
6. APIs and management interfaces
7. Cryptographic keys and certificates
8. Audit logs and monitoring data
9. Resource allocation information