July 9, 2015 Meeting Page
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
- Mary Ellen Condon
- Adam Migus
- Adam Madlin
- Ann Racuya-Robbins
- Ryan Galluzzo
- Sal D’Agostino
- Steve Orrin
- Jeff Shultz
- Christopher Spottiswood
- Martin Smith
- Suzanne Lightman
- Jim Kragh
- Linda Braun, Global Inventures
- Steve Orrin led the call as Mary Ellen was taking the call from her cellphone. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Meeting notes for July 2, 2015 (motion to approve minutes accepted)
- Supplemental Guidance discussion of open item re: #8
- Draft response re: endorsement of HIMSS Policy
- Security Rep(s) (1-2) to work on redress review initial approach
- Steve indicated that he will be attending the Tampa Plenary in September.
- Requirement#8: Sal reviewed the changes to the supplemental guidance for Requirement #8 that he had sent to the Security Committee earlier. Discussion followed. Agreed to text approved by consensus: Requirement # 8: Entities that authenticate a USER MUST offer authentication mechanisms which augment or are alternatives to a password. Supplemental Guidance: Entities MUST offer users an authentication mechanism other than single-factor authentication based on a password as a shared secret. Examples include (but are not limited to): “something-you-have” (e.g., computing device, USB token, mobile phone, key fob, etc.) or “something-you-are” (e.g., biometric), or a combination of these. The additional or alternative mechanism(s) MUST ensure the binding and integration necessary for use as an authentication mechanism. See Requirement #9 and its Supplemental Guidance for more information about choosing risk appropriate authentication mechanisms.
Security Rep(s) (1-2) to work on redress review initial approach
- Adam Migus volunteered to work on the review. Ann is already involved and can help as well.
Draft response re: endorsement of HIMSS Policy
- The Management Council asked the committee to provide feedback on the HIMSS Policy from our perspective. The Security Committee decided to review the policy at the next meeting and agree to wording in its position statement.
Wrap up and actions for next week
- Review Security Committee position statement on HIMSS Policy.
- Next meeting: July 16, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
- Meeting was adjourned at 2:00 p.m. EDT
- Steve to send Adam the agreed to Supplemental Guidance for Requirement #8 text.