ITU X800 & RFC 2828

ITU-T Recommendation X.800 (Security Architecture for OSI) and IETF RFC 2828 (Internet
Security Glossary) are used as references to systematically evaluate and define security
requirements. Though coming from different standardization bodies, the two standards
have many points in common. X.800 is used to define general security-related architectural
elements needed when protection of communication between open systems is
required. X.800 establishes guidelines and constraints to improve existing recommendations
and/or to develop new recommendations in the context of OSI. Similarly, RFC 2828
provides abbreviations, explanations and recommendations for information system security
terminology.

Both X.800 and RFC 2828 are designed to assist security managers in defining security
requirements and possible approaches to meeting those requirements. They also
help hardware and software manufacturers to develop security features for their products
and services that follow certain standards. X.800 and RFC 2828 both mention
several aspects of security systems, namely security threat and attack, security services
and mechanisms and security management. This section gives a brief introduction to
these standards. We urge readers to read the original standard documents for more
information.