July 09, 2015

From IDESG Wiki
Revision as of 04:01, 28 June 2018 by Omaerz (talk | contribs) (1 revision imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft


Attendees

  • Mary Ellen Condon
  • Adam Migus
  • Adam Madlin
  • Ann Racuya-Robbins
  • Ryan Galluzzo
  • Sal D’Agostino
  • Steve Orrin
  • Jeff Shultz
  • Christopher Spottiswood
  • Martin Smith
  • Suzanne Lightman
  • Jim Kragh
  • Linda Braun, Global Inventures


Meeting Notes

  • Steve Orrin led the call. Notes taken by Linda Braun.


Agenda Review – as distributed by Mary Ellen in advance of the call (approved)

  • Roll call; Quorum determination. Quorum was met.
  • IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
  • Meeting notes for July 2, 2015 (motion to approve minutes accepted)
  • Supplemental Guidance discussion of open item re: #8
  • Draft response re: endorsement of HIMSS Policy
  • Security Rep(s) (1-2) to work on redress review initial approach
  • Steve indicated that he will be attending the Tampa Plenary in September.


Discussion Notes

  • Requirement#8: Sal reviewed the changes to the supplemental guidance for Requirement #8 that he had sent to the Security Committee earlier. Discussion followed. Agreed to text approved by consensus: Requirement # 8: Entities that authenticate a USER MUST offer authentication mechanisms which augment or are alternatives to a password. Supplemental Guidance: Entities MUST offer users an authentication mechanism other than single-factor authentication based on a password as a shared secret. Examples include (but are not limited to): “something-you-have” (e.g., computing device, USB token, mobile phone, key fob, etc.) or “something-you-are” (e.g., biometric), or a combination of these. The additional or alternative mechanism(s) MUST ensure the binding and integration necessary for use as an authentication mechanism. See Requirement #9 and its Supplemental Guidance for more information about choosing risk appropriate authentication mechanisms.


Security Rep(s) (1-2) to work on redress review initial approach

  • Adam Migus volunteered to work on the redress review. Ann is already involved and can help as well.


Draft response re: endorsement of HIMSS Policy

  • The Management Council asked the committee to provide feedback on the HIMSS Policy from our perspective. The Security Committee decided to review the policy at the next meeting and agree to wording in its position statement.


Wrap up and actions for next week

  • Review Security Committee position statement on HIMSS Policy.
  • Next meeting: July 16, 2015
  • Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
  • Meeting was adjourned at 2:00 p.m. EDT


Action Items

  • Steve to send Adam the agreed to Supplemental Guidance for Requirement #8 text.




Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content