Page Comparison

TFS Monthly Sync - Draft Meeting Notes

Wednesday, April 13, 2016

Attendees:

Russ Weizer, Syncronoss

Lee Aber, ID.me

Scott Shorter, Kimble & Associates

Adam Madlin, Symantec

Colin Whitley, Experian

Leif Johansson, ARB Chair

LaChelle LeVan, GSA

Blake Hall, ID.me

Ken Dagg, KI

Ruth Puente, KI

Peter Alterman, SAFE-BioPharma

Key discussion items

       FICAM General Update

• FICAM has been focusing on solution engineering with the agencies, tackling some of the problems with them, e.g. identity credential access and management, and identifying technical solutions or policy solutions.
• FICAM wants to be more outreach oriented and their current work is more inclusive of small agencies.
• FICAM is also working on the Cybersecurity plan implementation, a memorandum that was released, and the Cybersecurity action plan that came out he President Office, the Cybersecurity National Action Plan (CNAP). CNAP factsheet: https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan. The CNAP raises the bar for everything and it is currently the key document on this field.
• FICAM is working in collaboration with DHS on the CDM Program to reach alignment with ICAM. The CDM has 3 phases, and FICAM is focused on phase 2, which comprises trust credentials, privileges and users, and includes training activities on protecting the federal networks and enterprises.
• Besides, FICAM is working with NIST to ensure that everything is aligned and standardized.
• It was commented that the updated 800-63 would be released soon and open for comments on May. NIST is planning an open and transparent feedback cycle and they started to reach out the different communities.
  • It was requested to NIST to provide a listing of the changes they propose on an element-by-element basis, so the TFPs know what changes will have to consider.
  • There will be online meetings to get feedback from the TFPs.

• SAFE – Biopharma commented that they are working on a mapping and alignment between the European identity regulation, eIDAS, and the existing FICAM requirements, they noted some disconnects. Also, there is an ongoing revision on the policies for digital signature between the Federal PKI architecture and European PKI digital signature architecture.
  
  

• FICAM commented on the Executive Order 13681, which was released in October 2014 and addresses consumer financial transaction, available at: https://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions

          The EO has 3 sections:

1. 1. Secure Government payments – Government adopting chip-and-PIN technology and helping to drive this technology.
   2. Improved identity theft remediation.
   3. Security federal transaction online, to ensure that all agencies making personal data accessible to citizens through digital applications require the use of multiple factors of authentication and an effective identity proofing process (NSTIC service). The plan for section 3 is still not released.

• Incommon-Internet2 commented that is participating in global federation and has been working with federal agencies that are not under their usual participation agreement. The Assurance Program is working towards asserting multi-factor. One of the Working Groups has identified MFA interoperability profile and there is an international participant. Also, they are working on federation interoperability profile, SAML2 deployment profile.

• Kantara Identity Assurance Working Group has released a spreadsheet version of the IAF-1400 Service Assessment Criteria v4.0, it is non-normative and should be considered guidance for users of the IAF, available at the IAF Controlling documents section in the KI website. Hannah Short from CERN made a presentation on assurance profiles for research, available at http://kantarainitiative.org/resources/webinars/. Besides, the WG has started to discuss privacy criteria.