...
- IAWG discussed ways forward in the case where criteria explicitly refers to subscribers and/or subjects, and the subject of assessment is a service that has no direct relation with the those parties, e.g. a Component Service.
- In the CO_SAC and OP_SAC, Richard highlighted those criteria which have potential to be either dropped or re-focused for Component Service assessments, so IAWG can decide what to do in terms of guidance to CSPs and how the Assessors should assess it. Richard explained the criteria that were highlighted in this SACs set: KIAF-1410 CO_SAC SAC & SoCA v3.0.2 - IAWG Review 2021-02-03.xlsx & KIAF-1420 OP_SAC SAC & SoCA v2.0.2 - IAWG Review 2021-02-03.xlsx
- It was agreed to copy the CO #0090 text and post it to CO#0080 text as well as to remove "Specific provisions stated in further criteria in this section". Moved: Mark K. Seconded: Ken. Unanimous approval.
- Ruth commented that the most demanded Kantara Class of Approval is the 800-63 rev.3 Technical, derived from NIST 63A/63B/63C technical requirements (without the CO_SAC is not included).
Agreed Next steps: 1. Richard to review Kantara 800-63-3 SACs, and propose a selection of the contentious criteria, then continue with the Classic SACs; 2. IAWG agree on the criteria selection and write a Memo that says this is the criteria set that needs attention for Component Approval.
...