IEEE ISSAA Minutes (08Nov05)

	Information System Security Assurance Architecture (ISSAA) Working Group (P1700)

Unapproved MINUTES November 8, 2005 Johns Hopkins University Applied Physics Laboratory, Laurel, Maryland USA

Presiding & Author of Minutes: Jack Cole

Meeting was called to order at 9:30 am ET . Participants introduced themselves, and attendance taken.

The agenda was accepted as proposed, and the IEEE Patent Policy was reviewed using the authorized slide set.

The IEEE Computer Society's Information Assurance Standards Committee (IASC) that sponsors P1700 seeks out collaborations inside IEEE and with organizations outside of IEEE in order to achieve the widest acceptance for standards.

IEEE and the InterNational Committee for Information Technology Standards (INCITS, http://www.incits.org) are two of approximately 200 ANSI-accredited standards development organizations (SDOs), and IEEE and INCITS focus on information technology standards.

INCITS has a Cyber Security Technical Committee "CS1" that formed in April 2005 (see http://www.incits.org/tc_home/cs1.htm), chaired by Dan Benigni/NIST. Dan and Jack met at the ANSI Homeland Security Standards Panel meeting at NIST in September, and Dan and Stu have offices not far apart at NIST.

Dan has suggested exchanging liaisons with P1700, which will be done once the formal requirements of the exchange are understood. Until then, the person Dan suggested as liaison from CS1 will be put on the ISSAA mailing list and kept informed of meetings, etc.

Stu has suggested developing P1700 jointly with INCITS. From the perspective of others in IEEE who have or are attempting similar joint development of other standards, it seems that there are considerable legal hurdles (e.g., copyright of the standard) and other hurdles to overcome to do this. It is not impossible, but would add significant further delay to development of P1700, and require time and effort for which there is no support.

So an exchange of liaisons will probably occur, but joint development with INCITS is unlikely.

Stu mentioned that there is interest in P1700 from parties in countries such as Sweden, Japan, and India.

Jack mentioned interest by the Committee on National Security Systems (CNSS.gov), and that P1700 is part of the CNSS roadmap for cyber security standards.

RESULTS OF DISCUSSION
It was clarified that letter to the working group on the subject of "clause 7", which concerns the application of ISSAA to complex systems, was a suggested course of action and potential wording for clause 7.

It was noted that there is wording in 1.3 related to clause 7 which needs to be removed, and 1.3 cleaned up.

It was decided to make clause 7 section 4.3, as the present clause 7 relates to clause 4. And this new section 4.3 will add wording that refocuses it to the systems level.

Scott reminded us that a few of the NIST special publications have been reviewed and "de-governmentized". These are online at ISSAA.org, and Jack will make links to them easier to find. The group pointed out that editing these NIST SPs would not be easy or quick.

ACTION
Scott will take the lead on identifying terms and definitions for the definitions clause, but everyone in the working group needs to read the draft to help Scott identify these. The definitions that Scott provides will be up for discussion by the group. The IEEE Authoritative Dictionary on Standards Terms will be consulted to see if there are any re-usable terms and definitions. Some of the terms in the draft are bolded, others are included in the short list of translations performed by Stu and Jack on October 11 (see notes for that meeting).

DOCUMENTS: No documents resulted from this meeting.
Next Meeting: December 6, 2005, JHUAPL, Laurel, MD
Adjournment at 12pm ET