Attendees:
Voting Participants: Ken Dagg, Martin Smith,
...
Richard Wilsher, Mark King
Non-voting participants: Jimmy Jung, Eric Thompson
Staff: Kay Chopard, Lynzie Adams
Proposed Agenda
- Administration:
- Roll call, determination of quorum
- Agenda confirmation
- Minutes approval - 20212021-1011-28 18 DRAFT Minutes
- Staff reports and updates
- International liaisons updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
- Discussion:
- Update on Alternative Controls Language
- Component Services
- to the SAC
- Charter Update
- Voting on Chair & Vice-Chair
- Any Other Business and Next Meeting Date
- Charter Review & Nominations for Chair
- Next meeting - December 2nd16th
Meeting Notes
Administrative Items:
IAWG Chair Ken Dagg called the meeting to order at 1:05PM (US Eastern). Roll was called. Meeting was quorate. Distributed agenda was confirmed.
Minutes approval:
...
Jimmy Jung moved approval of the draft Minutes of the IAWG meeting of
...
November 18. Martin Smith seconded. The minutes, as distributed, were approved unanimously.
Staff Reports and Updates:
Kay
...
There was a brief discussion about who is monitoring the requirement that federal agencies adhere to 800-63 rev. 3. It was suggested that Kay ask Phil Lam 1) how do you know someone is compliant with 63-3? and 2) who is responsible for determining that compliance?
...
encouraged everyone to attend the Annual All Member General Meeting on December 8th at 11am ET.
International Liaisons Updates:
Kantara continues to struggle to get engagement from the UK for the Kantara Government Working Group and other initiatives. The next Government Working Group meeting is scheduled for December 9th with Australia, New Zealand and the US. Kay has recently received a contact for Canada that she hopes to be adding to that group in December or January.
Kay provided an update on
...
OSIA
...
. She reiterated that this is a different line of business than our current assessors are engaged in.
LC Reports and Updates:
...
The Privacy Enhancing Mobile Credentials (PEMC) work group has started. Meetings occur at 1pm ET on Wednesdays. Complete a GPA if you are interested in joining that work group.
Discussion:
Update
...
Ken reported that after several email exchanges with Phil Lam and David Temoshok he finally understands the subtle nuances concerning alternative controls (800-63-3 Section 5.4). The use of an alternative control is a decision that has to be justified by an agency and has to occur prior to the agency implementing anything. Those justifications need to include a quantitative risk analysis. Once an agency receives approval to use the alternative control, then they can go approach vendors about implementing an alternative control. While IAWG has already approved the language, Ken believes we need to remove this language from the package. Martin confirmed this was his understanding as well and supports removing the language from the package. Jimmy concurred.
Continued Discussion on Component Services:
The ARB held a joint Assessors/ARB call on Monday, November 15. Martin and Ken attended on IAWG's behalf as observers. There seems to be some back and forth between the ARB and the IAWG about who should be driving the format of these needed changes on the various forms. Martin felt there was a consensus for more guidance to both assessors and applicants in written form. He did not hear a request for any extra requirements within the criteria that would further hold-up the current package of changes. There is a need for additional discussion between the IAWG and ARB to determine what needs done and which party is responsible for the task.
Other Business:
IAWG Charter & Nominations for Chair, Vice-chair & Secretary - We can vote on the charter at the next meeting. Please review by then to determine if any changes are needed. In terms of nominations, please send nominations and justification to Ken, Martin & Lynzie. Ken is willing to continue to take on chair unless someone wants to step in. Duties include running these meetings, attending LC meetings and LC planning meetings, being a liaison to the ARB when required, and to act as the LC rep to the Board of Directors (if requested by LC). Martin is also willing to continue on as vice-chair unless someone else wants to step in.
Martin asked people to consider quantum computing. It's coming really fast! It will effect how controls are done - so something to think about. Jimmy mentioned NIST had a presentation for federal agencies awhile back that they might still have for our use. NIST is working on quantum resistance protocols - the target is to be done early next year.
...
to the SAC:
Richard walked the group through the changes. The group discussed substantive vs. non-substantive changes. Ken reminded the group of the discussions with David Temoshok at NIST about alternate controls. It was decided to remove the alternative control criteria for this revisions but keep the language as a possible consideration to include in the Rev. 4 revisions.
Richard reviewed the changes to the KIAF-1430. Jimmy motioned to approved the changes. Mark King seconded the motion. Richard abstained from the vote as the editor. Unanimously approved as non-substantive changes.
Richard reviewed the changes to the KIAF-1440. The group agrees that these are editorial and non-substantive changes. Martin motioned to approve. Jimmy seconded the motion. Richard abstained from the vote as the editor. Unanimously approved as non-substantive changes.
Richard reviewed the changes to the KIAF-1450. The group agrees that these are non-substantive changes. Martin moved to approve the changes. Jimmy seconded the motion to approved. Richard abstained from the vote as the editor. Unanimously approved as non-substantive changes.
Richard reviewed the changes to the CO_SAC. The group agreed that these are material changes. Jimmy moved to approve the changes. Martin seconded the motion to approve. Richard abstained from the vote as the editor. Unanimously approved as substantive changes.
Richard reviewed the changes to the OP_SAC. The group agreed that these are non-substantive changes. Martin moved to approve the changes. Jimmy seconded the motion to approve. Richard abstained from the vote as the editor. Unanimously approved as non-substantive changes.
Ken will communicate with LC requesting that the changes to the OP_SAC, KIAF 1430, KIAF 1440, and KIAF 1450 as non-material changes be accepted. Rationale is that the changes are editorial or clarifications which do not change what a CSP, or an auditor, has to do. Further, he will identify the changes to the CO_SAC as significant to how auditors assess services and should be considered material changes. LC will determine if they agree or not that these are material changes. If LC agrees these are material changes to the CO_SAC, the changes will go out for the IPR review.
Other Business:
The next IAWG meeting will be Thursday, December
...
16 at 1pm EST.
Topics for that meeting will include
...
elections for Chair and Vice-chair.