a. Review and Approve Revised 63A_SAC and 63B_SACs v0.8.0 (attached).
b. GSA Sub-group discussion - Review compiled comments on GSA TFS Certification Process and ConOps (attached).
As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)
Meeting (did) achieve quorum
- Mark Hapner, Resilient
- Scott Shorter, IAWG Vice Chair
- Andrew Hughes, LC Chair
- Richard Wilsher, Zygma
- José Lopez, Zentry
- Don Campbell, Medallies
- Nathan Faut
- Colin Wallis, KI ED
- Ruth Puente, KI Executive
- Ken Dagg
Notes & Minutes
Revised 63A_SAC and 63B_SAC
Review period for SAC docs 45d from tomorrow to Jan 29.
Andrew Hughes makes the motion to approve the SAC-A SAC-B and pass it along to KI for IPR review. RGW seconds.
GSA Documents Discussion
Gathering comments on GSA Trust Framework Conops and Certification Program docs – group to gather final comments on row numbers by COB Tues, will submit to Ruth who will compile and we meet Thursday to approve, then submit to GSA by Friday.
Richard suggests that commenters Add line number in square brackets before comment, then merge by sorting on that column.
Scott to send message to IAWG, include Richard’s instructions..
Richard – broad comments we’re making, we made a stab at the costs of putting something into play.
Ruth will give CSPs until COB next Tuesday for CSPs to try to respond to the cost survey.
Mark – wish to be a CSP, won’t have an estimate of what the costs would be.
Jose doesn’t have a view of budget, don’t know how to estimate the cost of the changes.
Scott asks if assessors should try to evaluate?
Nathan – good assessor will assume each CSP will be different from the other, different complexity. If true to themselves, different clients it might be less. Should be able to make a guestimate.
RGW – could hit an order of magnitude. Estimate is that 800-53 would be at least double what they usually do.
Actions from last meeting – RGW & CW to reach out to FPKI world to ask questions, “are you seeing the same set of documents, do you recognize the certification process and conops as something from FPKI processes?” CW asked CertiPath, RGW was tasked to reach out to ExoStar.
RGW heard back that the IAL levels are of concern to ExoStar. Scott mentioned that the FPKI certificate policy working group just reviewed a document for proposed changes to the certificate policies to align with 800-63-3, but nothing that matches the GSA trust framework conops.
Richard sent the numbered PDF to Scott, who will distribute to IAWG and ask for comments.
Next meeting next Thursday 2017-12-21.
Colin reported from Consumer identity world conference in Singapore. Well attended, there were a number of people in attendance. NRI from Japan, NZ represented, conference organizers from AU, total of 28 on the sign-in sheet. Well received, although not much participation from the audience. Lengthy discussion of merits of expanding KI into asia pacific. Numbers weren’t large but the pre-conference workshop was reasonably well received. CW owes us a Director’s Corner for December, will prepare one for New Year’s Day. New membership structure starts on the first of January.