July 30, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
- Mary Ellen Condon
- Adam Migus
- Christine Abruzzi
- Ann Racuya-Robbins
- Ryan Galluzzo
- Steve Orrin
- Paul Knight
- Suzanne Lightman
- Martin Smith
- Sal D’Agostino
- Linda Braun, Global Inventures
- Mary Ellen led the call. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Standards and Security Committee Requirements – core ones and mapping?
- Ryan updated the list and took out the standards that have already been adopted. ISO 270001 and ISO 270002 going through review process with the Standards Coordination Committee now, and hopefully, adopted at the September plenary. Two new categories added: Information Security and Identity. Prioritization of standards updated and top priorities are: ISO 29115, NIST-SP 800-63 and GPG 43, 44, 45. Also added new tab in the spreadsheet called “frameworks” priority for mapping. We could put in an SME request to start working on mapping. Steve commented that NIST-SP-800-157 is the correct priority right now and they are tracking it from broader perspective.
- Any mechanism to check interoperability of standards? Going forward, the Security Committee should try and understand if there are items that might have a negative impact on different parties to interoperate.
- Request form for standards – Ryan will go forward with the priority list he presented and will put up on the wiki. He will start to fill out the nomination forms.
- NSTIC Pilot Requirements – Task Force recommendations
- Adam Migus, Ryan, Ann and Martin Smith met last week to discuss the feedback from the NSTIC. Three comments came back from the pilots. Task Force made changes to Secure-14. Security logs and Secure-15. Security Audits. No change to Secure-1.Security Practices. Discussion continued on changes the Task Force made on Secure-14. Ryan and Adam to update wording and bring back to committee next week. Changes to Secure-15 accepted by committee. Adam will bring final document to meeting next week. Deadline to submit is August 7.
- FMO update
- No update on SME request.
- At the recent chairs meeting, the FMO agreed to coordinate work on glossary. Security Committee members can contribute to the glossary on the wiki. Martin will send existing glossary links to Paul.
- FMO putting together descriptions on the use of key words “must” and “should” for supplementary guidance, which is being reviewed by plenary leadership. Paul to send out to Security Committee listserv.
- Next meeting: August 6, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
- Meeting was adjourned at 1:08 p.m. EDT.
- Adam and Ryan to put final wording together on NSTIC pilot requirements feedback.
- Ryan to start filling out nomination form for standards.
- Paul to follow-up about SME request.
- Martin to send existing glossary links.