scope:

This document focuses on developing a consistent recommendation for implementing security requirements between EB Gateways. Dial-in access security is not addressed at this time. It is expected that each EB participant will follow a very strong in ternal security policy. It is further recommended that each participant in an EB interface will provide assurance to other party that its internal security is satisfactory.

The context in which these recommendations have been formulated is specific to interactive, machine to machine communications between EB Gateways. The EB Gateways conform to the conform to the communications interface provided by the Open System Interconnection (OSI) standards with the Common Management Information Service Element (CMISE) in the application layer. Other transport protocols (e.g.,TCP/IP) are for further study.

While this document focuses on EB for trouble administration, it is anticipated that security measures discussed herein may be appropriate for other EB applications. However, there is nothing implicit or explicit in this document to claim that the security measures discussed are appropriate for other EB applications without further study¹. Implementation of these recommendations is subject to the Joint Implementation Agreement (JIA) between the customer and service provider.

Purpose

This document provides the basis for a uniform approach for the implementation of security in Electronic Bonding applications between telecommunications jurisdictions. It analyzes the security requirements for implementing Electronic Bonding (EB) and offers recommendations for security aspects of the interface specifications.

¹In particular, in the context of this TR secret security information (e.g., an encryption key) is shared between no more then two entities.