
...

  • Richard added that this is a development tool where we can put simple statements that CSPs and Assessors have to meet or determine they have met. He questioned why we want to keep the NIST text if we want to drive a set of criteria of our own. We can retain a relationship with the original text, but we should focus on creating criteria.

  • Richard commented that, on behalf of ID.me, he offers to take the editorship role in the subgroup work for producing the KI criteria for IAL 2 and AAL2 of 63A and 63B. He explained that the CSPs interested in 800-63-3 will be considering those functions and assurance levels into the medium term, and if others want AL1 and AL3 there will be a proofing path to do it. He encouraged the group to move forward, getting the NIST text and producing applicable criteria from it.

...

  • Also, he commented that Paul Grassi is producing some errata for 63-3, and asked him to give

...

  • input

...

  • before Thursday next week.  

 

...


  • Mark suggested creating an informal glossary of the tagging strategy

...

 

63A criteria AAL AL2. Have been to determine my client conformity have a  number into discrete statements. Re expression of the NIST requirements and better structure it. Better structured. Including a tagging mechanism.

You could be able to contribute that in a KI friendly form before next call.

 

MH requirement of CSP and RP. RW is more difficult to justify an assessment process for an RP.

 

Consent requirements are primarily RP requirements, we are not.

 

...


  • Colin asked Richard to share his work with the group before the next call. Richard commented that he has been working on 63A criteria for IAL 2 and AAL2 and was not sure if he has time to provide his contribution before the 31st due to other commitments. Scott said that he would work with Richard to provide something for the group. 

  • Mark raised the CSP and RP requirement issue. Richard commented that it is more difficult to justify an assessment process for an RP and clarified that the CSPs have a privacy policy with the conditions and options to consent to how your info will be used.

...


What will be able to do by next week.