Omaerz: 68 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T04:04:00Z

68 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

The Security Committee is currently drafting requirements to support the development of the [[Identity Ecosystem Framework]]. These requirements are designed to align with the [[Functional Model]] and define participation in the Identity Ecosystem. Any requirements listed should be considered in development unless otherwise noted.

== Requirements ==

Current version of the requirements and comment matrix are below:

{| class="wikitable"
|-
! Name !! Last Update
|-
| [[File:FMO-Combined-Reqts-Baseline-v3.6-20150523.pdf]] || 05/23/2015 Approved requirements statements
|-
| [[File:Supplemental Guidance TF FINAL 06232015 Clean.docx]] || 07/02/2015 All sup. guidance (Requirement 8 still open)
|-
| [[File:Security Requirements DRAFT v. 2.0 (03102015).xlsx]] || 3/10/2015 with updates based on pilot feedback
|-
| [[File:Security Requirements DRAFT v. 1.0 (20150115).xlsx]]|| 1/15/2015 Submission to PMO
|-
| [[File:Comment matrix Draft Security Requirements 20141211.docx|Comment matrix Draft Security Requirements 20141211.docx]]|| 12/15/2014
|-
|}

==External Feedback==

{| class="wikitable"
|-
! Name !! Last Update
|-
| [[File:Pilot Statement - Security - 02 19 15 final.pdf]] || 2/19/2015
|-
|[[File:Security Comm Jan 15 Functional Reqts FMO notes 20150209.doc]]|| 2/12/2015
|-
| [[File:Security Comm Jan 15 Functional Reqts SLDavid supplemental 20150207.doc]]||2/12/2015
|-
|}

== Artifacts ==

{| class="wikitable"
|-
! Name !! Summary
|-
|[[File:SEC-Security-Requirements-for-IDEF-v1_0-20150316.xlsx]] || Security Requirements submitted to FMO on 3/13/2015
|-
|[[File:NSTIC Pilot Comments and Suggested Disposition 3 10 2015.pptx]] || Pilot comment disposition deck, 3/10
|-
|[[File:Security Requirements DRAFT v. 1.0 (20141218).xlsx]] || Archived version of requirements, replaced on 1/15
|-
|[[File:Security Requirements DRAFT v. 1.0 (20141121).xlsx]] || Archived version of requirements, replaced on 12/15
|-
|[[File:Comment matrix Draft Security Requirements 20141204.docx|Comment matrix draft security requirements 20141204.docx]] || Archived version of comment matrix, replaced on 12/15
|-
|[[File:Comment Matrix Draft Security Requirements Blank.docx|Comment Matrix Draft Security Requirements Blank]] || Blank version of comment matrix
|-
|[[File:Security Requirements DRAFT (Catalog Template) v. 1.0.xlsx]] || Archived version of requirements document, replaced on 11/21
|-
|[[File:Comment matrix Draft Security Requirements 20141120.docx]] || Archived version of comment matrix, replaced 12/4
|-
|[[File:Comment matrix Draft Security Requirements 20141016.docx]] || Archived version of comment matrix, replaced on 11/21
|-
|[[File:Target Statement Committee Approved.pptx]] || Requirements target statement, approved on 11/13
|-
|[[File:Baseline Discussion 20141023.pptx|Baseline Discussion 20141023.pptx]] || Discussion deck presented to Security Committee on 10/23/2014
|-
|[[File:IAM Requirements Mapping 08082014v2.xlsx]] || Draft Requirements Mapping, Requirements Development Sub-Group
|-
| [[File:Suggested Identity Service Requirements (DRAFT 091514).xlsx]] || Discussion Draft "Identity Service Requirements," Requirements Development Sub-Group
|-
| [[File:Security Requirements Development Activities.docx]] || Draft document that outlines activities, milestones, and timelines for the security committee's requierments development process
|-
| [[File:Requirements Input Collection Matrix.xlsx]] || Template for the collection of input from standards, frameworks, and other sources of requirements
|-
| [[File:Questionnaire Recipient List 9262014.xlsx]] || Template for the collection of potential recipients for the security committee requirements questionnaire
|-
| [[File:Chairs Discussion Deck Requirements 20140923.pptx]]|| Requirements development presentation contributed by the NPO to the IDESG committees for discussion and consideration
|-
|}

== Development Process ==
'''1. Collection'''
:1.1 Collect requirements, standards, and other inputs for the development of IDESG security requirements. (complete)
'''2. Consolidation and Abstraction'''
:2.1 Consolidate input from the collection period into a single location (likely an excel spreadsheet) for distribution to the requirements working team. (complete)
:2.2 Develop “straw-man” language for 15-20 requirements based upon collected input. (complete)
:2.3 Committee review and discussion of “straw-man” requirements language. (complete)
:2.4 Update of “straw-man” requirements language to "draft" language. (complete)
'''3. Questionnaire'''
:3.1 Identify 10-15 candidates for feedback interview participation (complete)
:3.2 Develop questions for feedback interviews (complete)
:3.3 Committee review of draft questions and interview candidates (complete)
:3.4 Schedule interview sessions (complete)
:3.5 Conduct Interviews (complete)
:3.6 Consolidate feedback (complete)
'''4. Refinement'''
:4.1 Conduct analysis of input from interviews (complete)
:4.2 Refine Security Requirements based on dispositions and feedback from questionnaires (complete)
:4.3 Finalize and approve update Security Requirements (in process)
'''5. Process Documentation'''
:5.1 Develop draft document describing the process for requirements development and the reasons for selected approach
:5.2 Collect, discuss, and dispose of comments on requirements development

== Timeline & Milestones ==

[[File:Security Requirements Development (11172014).pdf|Security Requirements Development]]

# '''Baseline Requirements Complete''': Monday, 3/16/2015

{{FMWGNavBar}}

Security Requirements - Revision history

Omaerz: 68 revisions imported: Initial Upload of old pages from IDESG Wiki