Attendees:
...
Administration:
Roll call, determination of quorum
Minutes approval
Kantara updates
Assurance updates
Discussion: 800-63-3 Criteria Issues to Resolve
T5-1 notification
supervised remote proofing proposal
OPD#0010
S3A
Any Other Business
Meeting Notes
Administration:
IAWG Chair Andrew Hughes called the meeting to order. Roll was called. Meeting was quorate.
...
Kay reported it’s still a full pipeline in the U.S. - but much slower in the U.K. She’s hoping that changes and hopes to hire on a Program Manager over there that can run the program similarly to how Lynzie runs the U.S. program. There have been lots of conversations with several agencies - including GSA - about our program and the need to have a Kantara Trust Mark to be on their schedule.
Discussion:
T5-1 notification
Andrew shared the drafted notification and provided background information for anyone not aware. Richard moved to accept the notification as-is and publish it. Andrew seconded the motion. Motion carried with no objections. Notice will be sent out to relevant parties next week.
Supervised Remote Proofing Proposal
A small group discussed the criteria and developed the following proposal for #0490-#0580
...
Richard suggested striking the line “Physical comparison performed remotely SHALL adhere to all requirements as specified in 63B, Section 5.2.3.” for STRONG evidence. Andrew & Yehoshua were agreeable. The changes will be incorporated into the overall updates of 63A.
OPD#0010
Andrew raised the concern. Richard noted there is no source text to the criteria - that it begins with the subparts of the criteria. Richard reviewed the original Word version of the OP_SAC and determined there was never a header for it. He suggested inserting one. Andrew believes the revocation stuff should be in the credential policy - it just needs to be stated. Suggested header: “The CSP must in its CrP…”.
Richard noted that a reference back to OPA#0020 f) would also work. Richard will propose guidance to be included in the update.
S3A
Andrew shared the reasoning for the updates to the S3A, including the need for more detailed information being provided to the ARB. Richard believes the level of detail in the S3A was never intended to be aligned with all criteria in the SAC. Jimmy agreed. The assessor gets some scoping out of the S3A, but not what they need to complete the assessment. But this is all the ARB gets besides the SAC to explain what the system does. And that’s why it needs to be comprehensive - at least at a data flow level. Without that, the ARB doesn’t always know what they are looking at. The other option is that the ARB just trusts the assessor and asks the questions needed. Richard prefers that option but acknowledges there needs to be a degree of detail in the S3A for the ARB to understand the full process.
...