IETF (Internet Engineering Task Force) Best Current Practices
The Internet Engineering Task Force (IETF) Best Current Practices (BCP) are a series of documents that capture the consensus of the IETF on a range of technical and organizational matters. They are intended to provide guidance, explanations, and recommendations on best practices to facilitate the smooth operation of the Internet and to inform users and technicians about preferred operational norms.
Definition and purpose
BCPs are not standards but are authoritative guidelines and recommendations accepted by the Internet community. The purpose of BCPs is to ensure that the Internet functions effectively and efficiently by providing guidelines that reflect the combined knowledge and experience of the world's top network engineers and experts.
The IETF, a large, open international community of network designers, operators, vendors, and researchers concerned with the evolution and smooth operation of the Internet, is responsible for the development and publication of BCPs.
BCPs are updated as needed, with each BCP being a standalone document that is revised or augmented independently. Please refer to the IETF website for the latest BCPs and RFCs.
IETF BCPs apply broadly to all entities involved with the Internet's design, operation, and maintenance. This includes service providers, software developers, hardware manufacturers, and end-users within businesses, academia, government, and beyond.
Controls and requirements
BCPs cover a wide range of topics and hence do not have a single set of controls or requirements. Each BCP addresses specific issues and contains its own list of recommendations. Examples include:
- BCP 38: Network Ingress Filtering
- BCP 72: Guidelines for Writing RFC Text on Security Considerations
- BCP 78: Rights Contributors Provide to the IETF Trust
- BCP 79: Intellectual Property Rights in IETF Technology
- Each BCP document contains specific actions, configurations, or operational procedures considered to be the best current practices for the topic it addresses.
Please refer to the official Internet Engineering Task Force Best Current Practices documentation for details on controls and requirements.
Audit type, frequency, and duration
BCPs themselves are not audited; however, organizations may internally or externally audit their own networks and systems for adherence to the practices recommended by BCPs. Review for adherence to BCPs would typically be done periodically or as part of routine network and system audits. It may also be triggered by significant changes in network configuration or operational practices.
The time required for such a review or audit would depend on the scope of the BCPs being considered and the size and complexity of the systems or networks being examined.