Versions Compared

Old Version 1

changes.mady.by.user Lynzie Adams

Saved on

compared with

New Version 2

changes.mady.by.user Lynzie Adams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees:

...

Kay meets monthly with NIST staff. The agenda differs depending on what is relevant at the time for either Kantara or NIST. If there is ever anything IAWG members would like to be raised, Kay would be happy to do so. She also meets bi-weekly with GSA and offers a similar sentiment. If there is anything they should know or IAWG wants addressed - please send it to Kay.

Kay shared an updated on the CARIN Alliance and the work we are doing with them.

Assurance Updates

March 24 is the due date for all NIST comments on 800-63-4. Same date applies to PIV drafts 800-157-1 and 800-217. Please submit all comments that you would like included WITH the Kantara submission to comments_iawg@kantarainitiative.org by end of day March 9. Specific topics and questions requested by NIST can be found here.

IAWG Timeline:

March 9 - All comments must be submitted to the IAWG (comments_iawg@kantarainitiative.org) by end of day
March 16 - IAWG will share the draft Kantara Comments at the IAWG meeting for review and request any edits, changes, etc be submitted prior to the next meeting
March 23 - Final draft of Kantara Comments will be shared at the IAWG meeting. The comments will be submitted to NIST after the meeting concludes. 

Feel free to use the NIST spreadsheet or it's even simpler to input comments into a similarly formatted Google Doc (link here). The Google Doc is separated into tabs for each section (base, 63A, 63B, and 63C) and we'll compile those into the official document after the March 9 deadline. 

Discussion:

SAC Updates - 1440 reference issue

The ARB recently discovered when reviewing a submission that criteria #1330 was referencing the incorrect criteria. Currently, it refers to MF OTP Verifiers. When you read the corresponding NIST language, it is obvious that it is to reference SF Cryptographic Software Verifiers. The language of the criteria needs updated from: “Criteria 63B#1040 to '1070 SHALL be fulfilled.” to “Criteria 63B#1210 to '1240 SHALL be fulfilled.” Richard was able to determine that the error occurred between revisions 3 and 4 of the IAF-1440 when some renumbering occurred and the cross-referencing was not updated. Richard shared that this is why Kantara has always displayed the NIST language in the first four columns.

The group discussed whether this was a material change (requiring public comment period) or not. Mark King feels it is correcting an mis-reference and not a material change. Richard agrees with Mark’s statement - it’s an update of a cross-reference and not a change to the criteria. Denny asked how the edit/update is shared with the community. Lynzie will send an email with the new version of the IAF-1440 and an overview of what changed to those who are currently assessed under AAL and all assessors. Additionally, she’d update the materials that are distributed when a new CSP initially reaches out.

Richard moved to update the IAF-1440 as a non-material change. Mark King seconded the motion. Motion carried with no objections.
Lynzie will move forward with the updates and share with the groups mentioned above.

Revision 4

Any Other Business:

IAWG leadership keeps an action item list.
All IAWG participants should be aware that the spreadsheet exists and that it lists everything we think the IAWG is working on or planning to work on. Please feel free to review it and correct it if needed - it is not our intent to overlook something!