May 28, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
Meeting Date: May 28, 2015
- Andrew Hughes
- Ann Racuya-Robbins
- Bob Pinheiro
- Christine Abruzzi
- Hans Vargas
- Jerry Kickensen
- Martin Smith
- Mary Ellen Condon
- Paul Knight
- Ryan Galluzzo
- Sal D’Agostino
- Steve Orrin
- Tracy Fraas
- Mary Ellen Condon led the call. Notes taken by Christine Abruzzi.
- Meeting notes from May 14 and 15 were approved by consensus.
Agenda (as distributed by Mary Ellen in advance of the call)
- Roll call – Quorum determination
- IPR Policy Reminder
- Review Agenda
- Approve past notes
- Approved security requirements were sent to the FMO May 22. Possible additional requirement from Sal per last week’s discussion
- Update regarding possible supplemental guidance for one or more of the requirements
- New business/other topics
- Wrap up and actions for next week
- The group reviewed the memo sent by Adam Migus yesterday (5/27) entitled “Security Committee Requirements’ Supplemental Guidance Task Force.” The memo proposes a scoping statement for the Task Force activities and a timeline.
- In follow-up to Sal’s comment last week about a possible additional requirement around enhanced authentication techniques for devices (multifactor, additional factor, stronger factor), he proposed instead that this “requirement” be included in the Supplemental Guidance. His intent is that the language include a SHOULD instead of a MUST.
- Other topic: The question was asked if the committee knows what it will be tasked with after it finishes with the Requirements and the Supplemental Guidance.
- Possible future tasks include: updates to the functional model based on the finalized requirements; inputs to a self-assessment implementation guide; and possible tools to support the self-assessment process.
Wrap up and actions for next week
- Next meeting: June 4, 2015
- Meeting was adjourned at 1:32 p.m.
- Sal to work with Supplemental Guidance task force to make sure language around enhanced authentication techniques is captured as supplemental guidance. Alternatively, Sal to send an email to the list with his proposed language.