January 8, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE MEETING NOTES - draft
Meeting Date: January 8, 2015
- Aaron Guzman
- Adam Madlin
- Andrew Hughes
- Ann Racuya-Robbins
- Christopher Spottiswoode
- Linda Braun, Global Inventures
- Martin Smith
- NPO (Ryan Galluzzo)
- Sal D'Agostino
- Seetharama Durbha
- Suzanne Lightman
- Notes taken by Linda Braun
- Approve meeting notes
- Notes from the December 18, 2014 meeting were reviewed and approved. No objections.
- General updates:
- ROA Vote Update
- Representatives and members who participated and voted in the 11th Plenary voted to approve the Rules of the Association (yes=37 & no=7).
- Plenary update and discussion
- Adam reminded folks to register for the Atlanta Plenary if they have not already done so. The meeting is taking place January 28-30, 2015 in Atlanta at the Georgia Tech Research Institute. The overall Plenary starts on Wednesday, January 28 at 11:30am ET with the morning hours (8:00am – 11:00am) being reserved for the Management Council/Board meeting. The Plenary will likely run until 3:30pm on Friday, January 30.
- Andrew Hughes indicated that the agenda for the Plenary is being worked on: the FMO will provide an update on the cross-committee requirements, a number of mini sessions are being planned, and there will be updates from pilots and a good balance of committee working meetings and resource planning sessions. There is still room in the agenda to accommodate a Birds of a Feather session if anyone is interested.
- External Interviews:
- At the December 18 meeting, it was noted that the security requirements interview proposal was submitted to the FMO; it was then discussed in committee. The FMO is working to get interviews and feels it can drive these on its own. The FMO is well equipped to handle this work, with years of experience in conducting similar surveys. It will get input from a well-rounded set of groups and individuals who can provide valuable feedback on the requirements. The FMO will provide feedback at the Plenary, in report format. No one from the Security Committee will be participating in the interviews. The first step is for the FMO to meet with members of NSTIC pilot. Then, 6-8 interviews will be conducted. The FMO is working to segment interviewees.
- The interviews will be conducted in a similar way to a normal marketing survey. Persons or organizations providing input to the survey will not be recognized; they will remain anonymous.
- Security Standards Nomination
- There are a number of standards the Security Committee might look at. Adam asked what standards the team has already looked at. NSTIC Pilots have accumulated a number of standards, and it was suggested that the team look there instead of creating a list from scratch. The primary source was the 800 series because of the nature of the work. The following standards were called out in the chat: 800-53, PKIX, OAuth, JWT, JWS, JWE, JWA, JWK (JSON Web Tokens); 27001, OWASP App Sec Ver.
- The Standards Coordination Committee has a process to accept nominated standards. It is a simple form that needs to be filled out and submitted with the nominated standard. It appears that anyone can nominate a standard.
- Action: Adam to create list of appropriate standards to be discussed at next week’s meeting. He will also touch base with Cathy Tilton to familiarize himself with the process to nominate a standard.
- Interaction Model Working Group
- Seetharama notified the group that the new Interaction Model WG weekly meetings have been rescheduled to a new day and time: Mondays at 2:00pm Eastern, starting January 12th.
- New business/other topics
- Adam Migus announced that he is now a rep with a pilot organization and will be attending the SC meetings on a regular basis.
- Adam to create list of appropriate standards. Contact Cathy Tilton.
- Next meeting January 15, 2015