Securing information and the systems that store, process, and transmit that information is a challenging task for organizations of all sizes, and many security practitioners spend much of their time on manual processes. Standardized processes to collect, verify, and update security system configurations would allow easier automation of the processes. Automating these routine tasks would free security practitioners to focus on high priority tasks, and should improve operators' ability to prioritize risk based on timely information about threats and vulnerabilities. This working group will define security automation protocols and data format standards in support of information security processes and practices. These standards will help security practitioners to be more effective by automating routine tasks related to client and server security freeing them to focus on more advanced tasks. The initial focus of this work is to address enterprise use cases pertaining to the assessment of endpoint posture (using the definitions of Endpoint and Posture from RFC 5209).

The working group will, whenever reasonable and possible, reuse existing protocols, mechanisms, information and data models. Of particular interest to this working group are the security automation specifications supporting asset, change, configuration, and vulnerability management.

The working group will define:

1. A set of standards to enable assessment of endpoint posture. This area of focus provides for necessary language and data format specifications.

2. A set of standards for interacting with repositories of content related to assessment of endpoint posture.

This working group will achieve the following deliverables:

- An Informational document on Use Cases
- An Informational document on Requirements
- An Informational document on SACM Architecture
- A standards-track document specifying a protocol and data format for retrieving configuration and policy information for driving data collection and analysis
- A standards-track document specifying a protocol and data format for collecting actual endpoint posture 

The working group will create an overview of related standards work Internet-Draft which will document existing work in the IETF or in other SDOs which can be used as-is or as a starting point for developing solutions to the SACM requirements. The working group may decide to make of this document an Informational RFC, but this is not a mandatory deliverable.  

The working group will work in close coordination with other WGs in the IETF (including but not limited to MILE and NEA) in order to create solutions that do not overlap (for example for the repository access protocol) and can be used or re-used to meet the goals of more than one working group. 

In accordance with existing IETF processes, the group will communicate with and invite participation from other relevant standards bodies and regulatory organizations, and if necessary reuse existing liaison relationships or request the establishment of new liaison relationships.

After the work items in the current charter have been submitted to and approved by the IESG, the WG will recharter or close.