Security Requirements
Jump to navigation
Jump to search
The Security Committee is currently drafting requirements to support the development of the Identity Ecosystem Framework. These requirements are designed to align with the Functional Model and define participation in the Identity Ecosystem. Any requirements listed should be considered in development unless otherwise noted.
Requirements
Current version of the requirements and comment matrix are below:
| Name | Last Update |
|---|---|
| File:FMO-Combined-Reqts-Baseline-v3.6-20150523.pdf | 05/23/2015 Approved requirements statements |
| File:Supplemental Guidance TF FINAL 06232015 Clean.docx | 07/02/2015 All sup. guidance (Requirement 8 still open) |
| File:Security Requirements DRAFT v. 2.0 (03102015).xlsx | 3/10/2015 with updates based on pilot feedback |
| File:Security Requirements DRAFT v. 1.0 (20150115).xlsx | 1/15/2015 Submission to PMO |
| File:Comment matrix Draft Security Requirements 20141211.docx | 12/15/2014 |
External Feedback
| Name | Last Update |
|---|---|
| File:Pilot Statement - Security - 02 19 15 final.pdf | 2/19/2015 |
| File:Security Comm Jan 15 Functional Reqts FMO notes 20150209.doc | 2/12/2015 |
| File:Security Comm Jan 15 Functional Reqts SLDavid supplemental 20150207.doc | 2/12/2015 |
Artifacts
| Name | Summary |
|---|---|
| File:SEC-Security-Requirements-for-IDEF-v1 0-20150316.xlsx | Security Requirements submitted to FMO on 3/13/2015 |
| File:NSTIC Pilot Comments and Suggested Disposition 3 10 2015.pptx | Pilot comment disposition deck, 3/10 |
| File:Security Requirements DRAFT v. 1.0 (20141218).xlsx | Archived version of requirements, replaced on 1/15 |
| File:Security Requirements DRAFT v. 1.0 (20141121).xlsx | Archived version of requirements, replaced on 12/15 |
| File:Comment matrix Draft Security Requirements 20141204.docx | Archived version of comment matrix, replaced on 12/15 |
| File:Comment Matrix Draft Security Requirements Blank.docx | Blank version of comment matrix |
| File:Security Requirements DRAFT (Catalog Template) v. 1.0.xlsx | Archived version of requirements document, replaced on 11/21 |
| File:Comment matrix Draft Security Requirements 20141120.docx | Archived version of comment matrix, replaced 12/4 |
| File:Comment matrix Draft Security Requirements 20141016.docx | Archived version of comment matrix, replaced on 11/21 |
| File:Target Statement Committee Approved.pptx | Requirements target statement, approved on 11/13 |
| File:Baseline Discussion 20141023.pptx | Discussion deck presented to Security Committee on 10/23/2014 |
| File:IAM Requirements Mapping 08082014v2.xlsx | Draft Requirements Mapping, Requirements Development Sub-Group |
| File:Suggested Identity Service Requirements (DRAFT 091514).xlsx | Discussion Draft "Identity Service Requirements," Requirements Development Sub-Group |
| File:Security Requirements Development Activities.docx | Draft document that outlines activities, milestones, and timelines for the security committee's requierments development process |
| File:Requirements Input Collection Matrix.xlsx | Template for the collection of input from standards, frameworks, and other sources of requirements |
| File:Questionnaire Recipient List 9262014.xlsx | Template for the collection of potential recipients for the security committee requirements questionnaire |
| File:Chairs Discussion Deck Requirements 20140923.pptx | Requirements development presentation contributed by the NPO to the IDESG committees for discussion and consideration |
Development Process
1. Collection
- 1.1 Collect requirements, standards, and other inputs for the development of IDESG security requirements. (complete)
2. Consolidation and Abstraction
- 2.1 Consolidate input from the collection period into a single location (likely an excel spreadsheet) for distribution to the requirements working team. (complete)
- 2.2 Develop “straw-man” language for 15-20 requirements based upon collected input. (complete)
- 2.3 Committee review and discussion of “straw-man” requirements language. (complete)
- 2.4 Update of “straw-man” requirements language to "draft" language. (complete)
3. Questionnaire
- 3.1 Identify 10-15 candidates for feedback interview participation (complete)
- 3.2 Develop questions for feedback interviews (complete)
- 3.3 Committee review of draft questions and interview candidates (complete)
- 3.4 Schedule interview sessions (complete)
- 3.5 Conduct Interviews (complete)
- 3.6 Consolidate feedback (complete)
4. Refinement
- 4.1 Conduct analysis of input from interviews (complete)
- 4.2 Refine Security Requirements based on dispositions and feedback from questionnaires (complete)
- 4.3 Finalize and approve update Security Requirements (in process)
5. Process Documentation
- 5.1 Develop draft document describing the process for requirements development and the reasons for selected approach
- 5.2 Collect, discuss, and dispose of comments on requirements development
Timeline & Milestones
File:Security Requirements Development (11172014).pdf
- Baseline Requirements Complete: Monday, 3/16/2015
Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content