<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.0.39 -->
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
]>
<?rfc toc="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc comments="yes"?>
<rfc docName="draft-mandm-sacm-rolie-configuration-checklist-00" category="info">
<front>
<title abbrev="rolie-cc-ext">Definition of the ROLIE configuration checklist Extension</title>
<author initials="B." surname="Munyan" fullname="Bill Munyan">
<organization>Center for Internet Security</organization>
<address>
<postal>
<street>31 Tech Valley Drive</street>
<city>East Greenbush, NY</city>
<code>12061</code>
<country>USA</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<author initials="A." surname="Montville" fullname="Adam Montville">
<organization>Center for Internet Security</organization>
<address>
<postal>
<street>31 Tech Valley Drive</street>
<city>East Greenbush, NY</city>
<code>12061</code>
<country>USA</country>
</postal>
<email>[email protected]</email>
</address>
</author>
<date year="2017" month="June" day="16"/>
<abstract>
<t>This document extends the Resource-Oriented Lightweight Information Exchange (ROLIE) core by defining a new information-type to ROLIE’s atom:category pertaining to security configuration checklists. Additional supporting requirements are also defined which describe the use of specific formats and link relations pertaining to the new information-type.</t>
</abstract>
</front>
<middle>
<section anchor="introduction" title="Introduction">
<t>This document defines an extension to the Resource-Oriented Lightweight Information Exchange (ROLIE) protocol <xref target="I-D.ietf-mile-rolie"/> to support the publication of configuration checklist information. Many enterprises operate according to guidance provided to them by a control framework (<xref target="CIS_Critical_Controls"/>, <xref target="PCI_DSS"/>, <xref target="NIST_800-53"/> etc.), which often prescribe that an enterprise define a standard, security-minded configuration for each technology they operate. Such standard configurations are often referred to as configuration checklists. These configuration checklists contain a set of configuration recommendations for a given endpoint. A configuration recommendation prescribes expected values pertaining to one or more discrete endpoint attributes.</t>
</section>
<section anchor="terminology" title="Terminology">
<t><list style="hanging">
<t hangText='Configuration Checklist'>
A configuration checklist is an organized collection of rules about a particular kind of system or platform.</t>
<t hangText='Configuration Item'>
Generally synonymous with endpoint attribute.</t>
<t hangText='Configuration Recommendation'>
A configuration recommendation is an expression of the desired posture of one or more configuration items. A configuration recommendation generally includes the description of the recommendation, a rationale statement, and the expected state of collected posture information.</t>
</list></t>
<t><list style="hanging">
<t hangText='TODO: Others??'>
TBD</t>
</list></t>
<t>TODO: There needs to be a “normative” reference to the SCAP 1.2/3 specifications and schema definitions</t>
</section>
<section anchor="new-information-types" title="New information-types">
<t>This document defines a new “information-type” value of “configuration-checklist”.</t>
<section anchor="checklist-information-type" title="The “configuration-checklist” information-type">
<t>The “configuration-checklist” information type represents a body of information describing a set of configuration recommendations. A configuration recommendation is, minimally, a single configuration item paired with a recommended value or range of values. Depending on the source, a configuration recommendation may carry with it additional information (e.g. description, references, rationale, etc.). Provided below is a non-exhaustive list of information that may be considered as components of a configuration checklist.</t>
<t><list style="symbols">
<t>A “Data Stream”:</t>
<t>A “Benchmark”</t>
<t>A “Profile”</t>
<t>A “Value”</t>
<t>A “Rule” or “Group” of Rules
<list style="symbols">
<t>Description</t>
<t>Rationale</t>
<t>Remediation Instructions</t>
<t>Information, described in the dialect of a supported “check system”, indicating the method(s) used to audit the checklist configuration item.</t>
</list></t>
<t>Applicable Platform Information</t>
<t>Information regarding a set of patches to be evaluated</t>
<t>Any supported “tailoring” information, providing a method for evaluating entities to refine the recommendations in the data stream without modifying the published data stream content. (WKM NOTE: Does “tailoring” need to be here? Why would any tailoring be included in a published feed? Unless the organization is re-publishing the content with their tailoring included.)</t>
</list></t>
</section>
</section>
<section anchor="usage-of-configuration-checklist-information-in-the-atom-publishing-protocol" title="Usage of Configuration Checklist Information in the Atom Publishing Protocol">
<t>These requirements apply when a ROLIE repository contains any Collections whose href points to an atom:feed whose atom:category element contains a scheme attribute of “urn:ietf:params:rolie:category:information-type” and a term attribute of the new “configuration-checklist” information-type.</t>
<figure><artwork><![CDATA[
<atom:category
scheme="urn:ietf:params:rolie:category:information-type"
term="configuration-checklist">...</atom:category>
]]></artwork></figure>
</section>
<section anchor="atom-entry-extension-point" title="Requirements for the ‘atom:entry’ Element">
<t>The following sections describe the various requirements for the <spanx style="verb">atom:entry</spanx> element and its child elements when publishing configuration checklist information to a ROLIE repository.</t>
<section anchor="the-atomcontent-element" title="The ‘atom:content’ Element">
<t>Information about the proposed serialization types for configuration checklists</t>
<t><list style="symbols">
<t>PDF</t>
<t>Text</t>
<t>Word</t>
<t>Excel</t>
<t>XML via DSC</t>
<t>JSON?</t>
</list></t>
</section>
<section anchor="format-extension-point" title="The ‘rolie:format’ Element">
<t>A configuration checklist may be published by an organization using numerous formats, such as PDF, Word or Excel documents, and automation content using XML or JSON data models.</t>
<t>This document does not specify any additional requirements for use of the rolie:format element.</t>
</section>
<section anchor="rolie-properties" title="Configuration checklist metadata included in the ‘rolie:property’ Element">
<t>A breadth of metadata may be included with a configuration checklist as identifying information. A publishing organization may wish to recognize or attribute checklist authors or contributors, or maintain a revision/version history over time. Other metadata that may be included could indicate the various categories of products to which the checklist applies, such as Operating System, Network Device, or Application Server.</t>
<t>The following list describes various ‘rolie:property’ constructs.</t>
<t><list style="symbols">
<t>author (0..n)
<list style="symbols">
<t>An unbounded number of <spanx style="verb">rolie:property</spanx> elements with a <spanx style="verb">name</spanx> attribute of “author” may be included to indicate those individuals noted as the authors of the configuration checklist.</t>
</list></t>
<t>contributor (0..n)
<list style="symbols">
<t>An unbounded number of <spanx style="verb">rolie:property</spanx> elements with a <spanx style="verb">name</spanx> attribute of “contributor” may be included to indicate those individuals noted as recognized contributors to the configuration checklist and/or the recommendations contained within.</t>
</list></t>
<t>checklist version: The <spanx style="verb">value</spanx> of the “checklist version” property indicates the version number of the configuration checklist, such as <spanx style="verb">3.1.1</spanx></t>
<t>title: The <spanx style="verb">value</spanx> of the “title” property indicates the document title of the configuration checklist, such as “CIS Benchmark for Microsoft Windows Server 2012 R2”</t>
<t>publication date</t>
<t>overview</t>
<t>Product category (0..n), such as
<list style="symbols">
<t>Antivirus Software</t>
<t>Application Server</t>
<t>Auditing</t>
<t>Authentication</t>
<t>Automation/Productivity Application Suite</t>
<t>Client and Server Encryption</t>
<t>Configuration Management Software</t>
<t>Database Management System</t>
<t>Desktop Application</t>
<t>Desktop Client</t>
<t>DHCP Server</t>
<t>Directory Service</t>
<t>DNS Server</t>
<t>Email Server</t>
<t>Encryption Software</t>
<t>Enterprise Application</t>
<t>File Encryption</t>
<t>Firewall</t>
<t>Firmware</t>
<t>Handheld Device</t>
<t>Identity Management</t>
<t>Intrusion Detection System</t>
<t>KVM</t>
<t>Mail Server</t>
<t>Malware</t>
<t>Mobile Solution</t>
<t>Monitoring</t>
<t>Multi-Functional Peripheral</t>
<t>Network Router</t>
<t>Network Switch</t>
<t>Office Suite</t>
<t>Operating System</t>
<t>Peripheral Device</t>
<t>Security Server</t>
<t>Server</t>
<t>Virtual Machine</t>
<t>Virtualization Software</t>
<t>Web Browser</t>
<t>Web Server</t>
<t>Wireless Email</t>
<t>Wireless Network</t>
</list></t>
</list></t>
</section>
<section anchor="atom-link-registrations" title="atom:link Registrations">
<t>TODO: Can there be multiple of these links? For example, I really want more than one target-platform and more than one profile.</t>
<texttable>
<ttcol align='left'>Name</ttcol>
<ttcol align='left'>Description</ttcol>
<ttcol align='left'>Conformance</ttcol>
<c>ancestor</c>
<c>Links to a configuration checklist superseded by that described in this entry</c>
<c>MAY</c>
<c>target-platform</c>
<c>Links to a software descriptor resource defining the software subject to this configuration checklist entry</c>
<c>SHOULD</c>
<c>version</c>
<c>Links to a text resource indicating the version of the configuration checklist</c>
<c>MUST</c>
</texttable>
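<t>The following Python sketch is an added example, not part of this draft or of any ROLIE implementation. It shows how a consumer could confirm that a feed carries the “configuration-checklist” category and check each entry's links against the Conformance column of the table above. The sample feed, its ids and its hrefs are constructed placeholders, and the function names are hypothetical.</t>
<figure><artwork><![CDATA[
```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
SCHEME = "urn:ietf:params:rolie:category:information-type"
TERM = "configuration-checklist"
# Conformance levels copied from the draft's atom:link table.
LINK_RELS = {"version": "MUST", "target-platform": "SHOULD", "ancestor": "MAY"}

# Constructed sample feed; ids and hrefs are placeholders, not real resources.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <category scheme="urn:ietf:params:rolie:category:information-type"
            term="configuration-checklist"/>
  <entry>
    <id>urn:example:checklist-a</id>
    <link rel="version" href="https://example.org/checklists/a/version.txt"/>
    <link rel="target-platform" href="https://example.org/software/a"/>
  </entry>
  <entry>
    <id>urn:example:checklist-b</id>
    <link rel="ancestor" href="https://example.org/checklists/a"/>
  </entry>
</feed>"""


def is_checklist_feed(feed):
    """True if the atom:feed carries the configuration-checklist category."""
    return any(c.get("scheme") == SCHEME and c.get("term") == TERM
               for c in feed.findall(ATOM + "category"))


def check_entry(entry):
    """Return (missing MUST rels, missing SHOULD rels) for one atom:entry."""
    rels = {link.get("rel") for link in entry.findall(ATOM + "link")}
    errors = [r for r, lvl in LINK_RELS.items() if lvl == "MUST" and r not in rels]
    warnings = [r for r, lvl in LINK_RELS.items() if lvl == "SHOULD" and r not in rels]
    return errors, warnings


def validate_feed(xml_text):
    """Map each entry id to (errors, warnings); reject feeds of another type."""
    feed = ET.fromstring(xml_text)
    if not is_checklist_feed(feed):
        raise ValueError("feed is not a configuration-checklist feed")
    return {e.findtext(ATOM + "id"): check_entry(e)
            for e in feed.findall(ATOM + "entry")}


if __name__ == "__main__":
    for entry_id, (errors, warnings) in validate_feed(SAMPLE_FEED).items():
        print(entry_id, "missing MUST:", errors, "missing SHOULD:", warnings)
```
]]></artwork></figure>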
</section>
</section>
<section anchor="iana-considerations" title="IANA Considerations">
<t>Per this document, IANA has added an entry to the “ROLIE Security Resource Information Type Sub-Registry” registry located at <eref target="https://www.iana.org/assignments/rolie/category/information-type">https://www.iana.org/assignments/rolie/category/information-type</eref>.</t>
<t>New IANA table for “ROLIE Entry Format”</t>
<t><list style="symbols">
<t>scap-1.2</t>
<t>PDF</t>
<t>xccdf-1.2-collection</t>
<t>oval</t>
<t>cvrf</t>
<t>cve (should we reuse the enumref?); Look at the “enumref” and see if we can copy/paste configuration checklist-specific information in a similar manner? Can we then include that enum reference in the ROLIE extension document or should we create a new “enumref” document separately?</t>
<t>vulnerability</t>
</list></t>
<t><list style="hanging">
<t hangText='name:'>
configuration-checklist</t>
<t hangText='index:'>
TBD</t>
<t hangText='reference:'>
TBD</t>
</list></t>
</section>
<section anchor="security-considerations" title="Security Considerations">
<t>TBD</t>
</section>
<section anchor="privacy-considerations" title="Privacy Considerations">
<t>TBD</t>
</section>
</middle>
<back>
<references title='Normative References'>
<reference anchor='I-D.ietf-mile-rolie'>
<front>
<title>Resource-Oriented Lightweight Information Exchange</title>
<author initials='J' surname='Field' fullname='John Field'>
<organization />
</author>
<author initials='S' surname='Banghart' fullname='Stephen Banghart'>
<organization />
</author>
<author initials='D' surname='Waltermire' fullname='David Waltermire'>
<organization />
</author>
<date month='May' day='26' year='2017' />
<abstract><t>This document defines a resource-oriented approach for security automation information publication, discovery, and sharing. Using this approach, producers may publish, share, and exchange representations of software descriptors, security incidents, attack indicators, software vulnerabilities, configuration checklists, and other security automation information as web-addressable resources. Furthermore, consumers and other stakeholders may access and search this security information as needed, establishing a rapid and on- demand information exchange network for restricted internal use or public access repositories. This specification extends the Atom Publishing Protocol and Atom Syndication Format to transport and share security automation resource representations.</t></abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-mile-rolie-07' />
<format type='TXT'
target='http://www.ietf.org/internet-drafts/draft-ietf-mile-rolie-07.txt' />
</reference>
</references>
<references title='Informative References'>
<reference anchor="NIST_800-53" target="http://deusty.blogspot.com/2007/09/stunt-out-of-band-channels.html">
<front>
<title>NIST 800-53</title>
<author initials="R." surname="Hanson" fullname="Robbie Hanson">
<organization></organization>
</author>
<date year="2007" month="September" day="17"/>
</front>
</reference>
<reference anchor="CIS_Critical_Controls" target="https://www.cisecurity.org/critical-controls/">
<front>
<title>CIS Critical Security Controls</title>
<author >
<organization></organization>
</author>
<date year="2016" month="August" day="31"/>
</front>
</reference>
<reference anchor="PCI_DSS" target="https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss">
<front>
<title>PCI Data Security Standard</title>
<author >
<organization></organization>
</author>
<date year="2016" month="April"/>
</front>
</reference>
</references>
</back>
</rfc>