Hello, 

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

The summary of the review is READY with some very minor nits in the Security Considerations section.

I'm not well versed in this area but I'll say that the entire document is understandable and appears well written. I found no obvious errors or problems in my brief review.

The first paragraph in the Security Considerations section lists that this work is built atop YANG, NETCONF, or RESTCONF, and lists the transport protocols that are used for them, but stops short of providing guidance. My recommendation is to address this by adding a sentence such as, "Developers, implementers, and administrators of this specification should be familiar with the Security Considerations sections of those RFCs."

The remaining paragraphs of the Security Considerations section provide a list of tools that may be used along with guidance on using them to secure access to sensitive items. The authors may wish to summarize this by adding a sentence such as, "Administrators may consider using these, and perhaps other tools, to enforce a security policy."

Regards,
Chris