...
Non-voting participants: Roger Quint, Varun Lal, Chris Lee, Jimmy Jung
Staff: Kay Chopard
Agenda:
- Administration:
- Roll Call and quorum determination
- Agenda Confirmation
- Minute approval (DRAFT minutes of 2021-08-12)
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
- Discussion
- Finalize proposed criterion language regarding "comparable alternative controls."
- Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.)
- Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.
- Finalize proposed criterion language regarding "comparable alternative controls."
- Any Other Business and Next Meeting Date
...
IAWG Chair Ken Dagg called the meeting to order at about 1:05PM 04PM (US Eastern), and called the roll. It was noted that the meeting was quorate.
Minutes approval: Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 12 . Richard W. Mark Hapner seconded. The minutes as distributed were approved unanimously.
Staff reports and updates: ED Kay Chopard--Kay Chopard–New APM Lindsie Adams, starts next week on Monday. Hope she will be on next call. Invite anyone to offer suggestions re: any Kantara issues.
LC reports and updates: Ken – LC met yesterday. Discussion of appropriate scope of activity of Kantara WGs, DGs. Results to be communicated when finalized.
Ken reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Requests can be sent to Ken D or Kay C.
...
Finalize proposed criterion language regarding "comparable alternative controls."
Ken invited Richard W. to comment. Thinks "make available" discussion last week was off-target. "MA" has been used for a long time, not caused a problem. Don't tell them how.
martin – need to send an alert, per David.
Richard-- can't make the RP do something.
Other things we might do: now require statement of criteria applicability; might also require that used of CAC is "mentioned" at least in their published discussion.
Ken: should we add to the criterion that RP acknowledge receipt.?
JJ - not possible or effective – won't read. But if KI provided notice we would have done all we can,
Ken : OK with everyone to go with "no change"
JJ: can we put in "Notes": comment that we (KI) are going to publish fact of CAC. If we do something unusual, we need to make sure they know about it.
RW: maybe mod language to make avail : publish how you determined CAC and config requirements to make sure it is CAC. Fact of use in S3A could be noted.
Ken: with that add-- is group OK?
Mark H: Ok with current language but CAC is so poorly defined in 63-3 hard to understand how an assessor should proceed.
RW: did try in sub-clause a-c to add some specificity.
MH: still uncomfy, but don't see what else we can do.
RW: without NIST risk assessment, how can assessor establish "comparable."? Difficult situation.
KD: asks for motion to approve language for the package: KD, MH
KD: approved.
Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.)
...