January 29, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
Meeting Date: January 29, 2015 (Plenary)
- Adam Madlin
- Angela Rey
- Ann Racuya-Robbins
- Bill Whitescarver
- Bruce O’Dell
- Cathy Tilton
- Christopher Spottiswoode
- David Kelts, MorphoTrust
- Dave Temoshok
- Jamie Clarke
- Jeff Shultz
- Jim Kraph
- Lionel Cares
- Linda Braun, Global Inventures
- Mark DiFraia, MorphoTrust
- Paul Knight
- Ryan Galluzzo
- Notes taken by Linda Braun
- General updates:
- Adam said meeting today will be about 45-minutes; free form for people to give feedback on requirements and Plenary. He was encouraged by the overall progress that each committee has made on the requirements. We will get a written report from the FMO on the high level requirements.
- Next steps:
- The functional model tools should be used in our meetings, discussing them and promoting. Promoting the glossary, adding to the glossary and making sure we are using the functional model and gathering topics that need to be added as we go forward.
- There is work we could start right now based on feedback we received on the requirements. There should be some leveling of the requirements overall, some were potentially very demanding and might not be appropriate for the baseline, others were too simplistic. The best way to make this come together in v1 of the framework is more coordination across all committees. The new ED might be the person to do this; drive the logistics and coordinate the process.
- What does the SecComm need from the FMO to help us move forward to finalize the requirements? 80% of the IDESG think we are on the right track. 60% believe there is more clarity needed. Most important thing is we can do is to make sure everyone is onboard with the requirements. Figure out the 40 and 20 percent that needs completing in the baseline requirements. Identify what needs to be changed and approved upon and how to do it.
- For terminology, centrally look at common terms. It’s one of the factors that TFTM has identified as necessary for consolidation.
- Make sure the expression of the outcome of the requirement is clear.
- Connect.gov and FICAM requirements – is there alignment? Yes, beyond security and standards.
- Mapping – show people how requirements map.
- Testability and measurability of requirements.
- Joint meetings with each committee to collaborate on requirements. SC should initiate. Comment was that FMO should be driving this process instead of having the SC drive.
- Identify functions within the functional model that the requirements would apply to. Tying assessment process to the functions performed. Requirements that are being expressed should be tied to an operation in the functional model.
- Go through each requirement; can we map to functional model, does it overlap with other committee requirements? Make sure we are hitting the right audience.
- FMO open for business; if there are other types of work they can do, let Jamie know.
- Adam said the SC will pursue specific requirements next week. Define what we need from the FMO and finalize the request to them.
- All four Chairs should ask FMO if there are any potential conflicts tomorrow. Give to each of the four committees if requirement is complete and testable? Good idea if the SC pursues individually.
- The next major feedback from FMO won’t be for another month, this is a concern.
- Where to draw line between baseline and future requirements? Interoperability looked at NSTIC document as the visionary requirements and those became the should and best practices requirements. Is this is a good approach?
- This is the leveling discussion covered earlier; there is no clear answer yet.
- Next regular SC meeting is February 5. Adam will review slides with the committee.