Security Requirements

From IDESG Wiki
Jump to: navigation, search

The Security Committee is currently drafting requirements to support the development of the Identity Ecosystem Framework. These requirements are designed to align with the Functional Model and define participation in the Identity Ecosystem. Any requirements listed should be considered in development unless otherwise noted.

Requirements

Current version of the requirements and comment matrix are below:

Name Last Update
File:FMO-Combined-Reqts-Baseline-v3.6-20150523.pdf 05/23/2015 Approved requirements statements
File:Supplemental Guidance TF FINAL 06232015 Clean.docx 07/02/2015 All sup. guidance (Requirement 8 still open)
File:Security Requirements DRAFT v. 2.0 (03102015).xlsx 3/10/2015 with updates based on pilot feedback
File:Security Requirements DRAFT v. 1.0 (20150115).xlsx 1/15/2015 Submission to PMO
File:Comment matrix Draft Security Requirements 20141211.docx 12/15/2014

External Feedback

Name Last Update
File:Pilot Statement - Security - 02 19 15 final.pdf 2/19/2015
File:Security Comm Jan 15 Functional Reqts FMO notes 20150209.doc 2/12/2015
File:Security Comm Jan 15 Functional Reqts SLDavid supplemental 20150207.doc 2/12/2015

Artifacts

Name Summary
File:SEC-Security-Requirements-for-IDEF-v1 0-20150316.xlsx Security Requirements submitted to FMO on 3/13/2015
File:NSTIC Pilot Comments and Suggested Disposition 3 10 2015.pptx Pilot comment disposition deck, 3/10
File:Security Requirements DRAFT v. 1.0 (20141218).xlsx Archived version of requirements, replaced on 1/15
File:Security Requirements DRAFT v. 1.0 (20141121).xlsx Archived version of requirements, replaced on 12/15
File:Comment matrix Draft Security Requirements 20141204.docx Archived version of comment matrix, replaced on 12/15
File:Comment Matrix Draft Security Requirements Blank.docx Blank version of comment matrix
File:Security Requirements DRAFT (Catalog Template) v. 1.0.xlsx Archived version of requirements document, replaced on 11/21
File:Comment matrix Draft Security Requirements 20141120.docx Archived version of comment matrix, replaced 12/4
File:Comment matrix Draft Security Requirements 20141016.docx Archived version of comment matrix, replaced on 11/21
File:Target Statement Committee Approved.pptx Requirements target statement, approved on 11/13
File:Baseline Discussion 20141023.pptx Discussion deck presented to Security Committee on 10/23/2014
File:IAM Requirements Mapping 08082014v2.xlsx Draft Requirements Mapping, Requirements Development Sub-Group
File:Suggested Identity Service Requirements (DRAFT 091514).xlsx Discussion Draft "Identity Service Requirements," Requirements Development Sub-Group
File:Security Requirements Development Activities.docx Draft document that outlines activities, milestones, and timelines for the security committee's requierments development process
File:Requirements Input Collection Matrix.xlsx Template for the collection of input from standards, frameworks, and other sources of requirements
File:Questionnaire Recipient List 9262014.xlsx Template for the collection of potential recipients for the security committee requirements questionnaire
File:Chairs Discussion Deck Requirements 20140923.pptx Requirements development presentation contributed by the NPO to the IDESG committees for discussion and consideration

Development Process

1. Collection

1.1 Collect requirements, standards, and other inputs for the development of IDESG security requirements. (complete)

2. Consolidation and Abstraction

2.1 Consolidate input from the collection period into a single location (likely an excel spreadsheet) for distribution to the requirements working team. (complete)
2.2 Develop “straw-man” language for 15-20 requirements based upon collected input. (complete)
2.3 Committee review and discussion of “straw-man” requirements language. (complete)
2.4 Update of “straw-man” requirements language to "draft" language. (complete)

3. Questionnaire

3.1 Identify 10-15 candidates for feedback interview participation (complete)
3.2 Develop questions for feedback interviews (complete)
3.3 Committee review of draft questions and interview candidates (complete)
3.4 Schedule interview sessions (complete)
3.5 Conduct Interviews (complete)
3.6 Consolidate feedback (complete)

4. Refinement

4.1 Conduct analysis of input from interviews (complete)
4.2 Refine Security Requirements based on dispositions and feedback from questionnaires (complete)
4.3 Finalize and approve update Security Requirements (in process)

5. Process Documentation

5.1 Develop draft document describing the process for requirements development and the reasons for selected approach
5.2 Collect, discuss, and dispose of comments on requirements development

Timeline & Milestones

File:Security Requirements Development (11172014).pdf

  1. Baseline Requirements Complete: Monday, 3/16/2015




Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content