May 28, 2015 Meeting Page

From IDESG Wiki
Jump to navigation Jump to search


Meeting Date: May 28, 2015


  • Andrew Hughes
  • Ann Racuya-Robbins
  • Bob Pinheiro
  • Christine Abruzzi
  • Hans Vargas
  • Jerry Kickensen
  • Martin Smith
  • Mary Ellen Condon
  • Paul Knight
  • Ryan Galluzzo
  • Sal D’Agostino
  • Steve Orrin
  • Tracy Fraas

Meeting Notes

  • Mary Ellen Condon led the call. Notes taken by Christine Abruzzi.
  • Meeting notes from May 14 and 15 were approved by consensus.

Agenda (as distributed by Mary Ellen in advance of the call)

  • Roll call – Quorum determination
  • IPR Policy Reminder
  • Review Agenda
  • Approve past notes
  • Approved security requirements were sent to the FMO May 22. Possible additional requirement from Sal per last week’s discussion
  • Update regarding possible supplemental guidance for one or more the requirements
  • New business/other topics
  • Wrap up and actions for next week

Discussion Notes:

  • The group reviewed the memo sent by Adam Migus yesterday (5/27) entitled “Security Committee Requirements’ Supplemental Guidance Task Force.” The memo proposes a scoping statement for the Task Force activities and a timeline.
  • In follow-up to Sal’s comment last week about a possible additional requirement around enhanced authentication techniques for devices (multifactor, additional factor, stronger factor), he proposed instead that this “requirement” be included in the Supplemental Guidance. His intent is that the language include a SHOULD instead of a MUST.
  • Other topic: The question was asked if the committee knows what it will be tasked with after it finishes with the Requirements and the Supplemental Guidance.
  • Possible future tasks include: updates to the functional model based on the finalized requirements; inputs to a self-assessment implementation guide; and possible tools to support the self-assessment process.

Wrap up and actions for next week

  • Next meeting: June 4, 2015,
  • Meeting was adjourned at 1:32 p.m.

Action Items

  • Sal to work with Supplemental Guidance task force to make sure language around enhanced authentication techniques is captured as supplemental guidance. Alternately, Sal to send an email to the list with his proposed language

Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content