...


  • RGW said that he is focusing on 63A and breaking down the classic IAF 1400 into the 1430 63A SAC document.
  • In the diagram he presented, he intends to show what we are doing in the short and long term.
  • He added that we can define a NIST normative requirement, and anything that is not under that category becomes a non-normative requirement.
  • As a modus operandi, he proposed: for the moment, anything that is not a SHALL is not considered to be normative, and we should put the emphasis on the SHALLs.
  • Scott stressed that we should work with the SHALLs, as they are critical now.


  • RGW explained the approach to the work on 63A IAL2 and AAL2 requirements:

-Every normative requirement has a place in one or more IAL or AAL.

-Each NIST normative requirement must have one or more SAC criteria related to it. Each criterion will be given a tag, so we will have a unique tag and a discrete requirement.

-In the longer term, we may want to have guidance and relate to it a profile interpretation or a stricter requirement to meet.


  • RGW identified all the imperative requirements in 63A and proposed one or more KI criteria for each.
    -He prefixed each with a tag: they are all 63A, and he used 4.2, as it is the clause in 63A in which the NIST requirement is found, and he used an incremented decimal tag.
    -Between square brackets there is a single discrete requirement that is represented by a tag, and it relates to the preceding NIST text and the proposed KI criterion. In some cases, the original text is shaded in grey and replaced with alternative, more precise text in dark red italics. Where original text is used with clarifying modification, it is in green. If the text is not shaded grey, he is saying that it is written well enough.
    -He showed the spreadsheet as an alternative presentation.

Responding to 63A-4.2#0070 – two shalls in one requirement?


  • Mark liked what Richard was showing – the insertion of appropriate identifiers into the original document so that the requirements can be referred to. Not a lot of crap in the document. Need identifiers; as the spreadsheet shows, you can begin to turn them into the criteria.

...

  • Ken question – can’t see screen – how much of the A doc has been done? RGW – all of it for IAL2. What will it take to get the B document? When is A ready for review by members?
  • 63A – this group will need 4 weeks or more to review 63A

...

  • Mark confirms that we’re just doing CSP requirements for now, we will sort out later how they may get applied to subcomponent services.


Agreements:


  • Use spreadsheet format to make the review cycles.
  • Integrate DocBook at the end of the process (convert the Excel spreadsheet into DocBook).

...