Version 9

Attendees

Mark

Andrew

Richard W.

Nathan

Scott 

Ken


Key discussion items 

What are we trying to produce?

AH: Straw man: is this what we are trying to produce?

General consensus: enable an assessor to assess that a CSP meets 800-63-3.

Next week further what we are

 

63B Section 5.1.7

Is an assessment guide what we are trying to create?

 

So the attached doc is a first attempt to produce assessment criteria against the specified requirements in one section of 63B: s5.1.7, Single-Factor Cryptographic Devices.

 

On the left I've copied the text from 63B.

On the right I've written a bunch of questions that must be answered to determine if the stated requirement from the left has been fulfilled.

There might be additional instructions to the assessor on what evidence is needed to support the answers on the right. 

 

Criteria versus the question approach

 

AH: If our objective is to strictly evaluate conformity to the requirements stated in -63: an assessment guide and instructions, to some extent, to have assessors assess in similar ways and come to similar conclusions.

 

It is not only a set of criteria which defines what is required. They are discrete, and if they need clarification.

 

What do assessors need going into this process?

 

RW: Determine whether a claim that the requirements are met is in conformity or not.

 

We are concerned with reading the statements with SHALLs and determining that the provider of the service meets the requirements; there might be a policy or practice statement.

 

Mark: Structure the claims in a useful way.

 

RW: Break this down. The requirements text makes a number of discrete statements.

5.1.7.1 has 4 discrete requirements. CSPs are aware of what they need to show compliance to.

 

SSh: Criteria: a clearly identified list of what the sets of requirements are; get them all clearly articulated so that they can be evaluated or assessed. Whether it is a tree structure or something more structured than a plain list, whatever it takes to formally express the content so that it can be evaluated in a rigorous way.

 

63-3 specific: we are going with 62-3 OP SAC as the ongoing international -3 approval process.

Focus on 63-3, beyond just the FICAM circle.

 

Should not

Mark: A document, and create a directed graph with optional and required edges on it that describes the spec.

- Mark Happner: Create a directed graph that describes the spec (with JSON-LD)

- Andrew Hughes: Break down 63A

- Scott Shorter: Break down 63C

 

Identify and document the requirements.
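As an added illustration of the two proposals above (the requirement-on-the-left, question-on-the-right layout for 63B s5.1.7, and the directed graph of the spec with required and optional edges expressed in JSON-LD), the following Python is example code written for these notes, not an artifact of the working group or of NIST. The four requirement texts paraphrase 63B s5.1.7.1 from memory and should be checked against the published text; the identifiers (63B:5.1.7.1-1 and so on), the @context IRIs, the assessment questions and the sample CSP claims are all constructed for the example.

```python
"""Added example: SP 800-63B s5.1.7.1 as a JSON-LD requirements graph, plus
an assessor-side check that walks the graph and reports conformance.

Requirement texts paraphrase 63B s5.1.7.1 from memory (verify against the
published text). Identifiers, the vocabulary namespace, the questions and
the sample claims are constructed for illustration.
"""
import json

# Assumed vocabulary: the namespace is a placeholder, not a published one.
CONTEXT = {
    "@vocab": "https://example.org/assess#",
    "requires": {"@type": "@id"},    # required edge (SHALL)
    "recommends": {"@type": "@id"},  # optional edge (SHOULD)
}

# The section node points at its discrete requirements; each requirement
# node carries the spec text (left column) and the assessor's question
# (right column) from the attached document's layout.
SPEC_63B_5_1_7_1 = {
    "@context": CONTEXT,
    "@graph": [
        {"@id": "63B:5.1.7.1", "@type": "Section",
         "title": "Single-Factor Cryptographic Device Authenticators",
         "requires": ["63B:5.1.7.1-1", "63B:5.1.7.1-2", "63B:5.1.7.1-3"],
         "recommends": ["63B:5.1.7.1-4"]},
        {"@id": "63B:5.1.7.1-1", "@type": "Requirement", "level": "SHALL",
         "text": "Secret key and algorithm provide at least the minimum "
                 "security strength in SP 800-131A (112 bits).",
         "question": "Which key size and algorithm does the device use, "
                     "and do they meet the 800-131A minimum?"},
        {"@id": "63B:5.1.7.1-2", "@type": "Requirement", "level": "SHALL",
         "text": "The challenge nonce is at least 64 bits in length.",
         "question": "What is the nonce length, and where is it enforced?"},
        {"@id": "63B:5.1.7.1-3", "@type": "Requirement", "level": "SHALL",
         "text": "Approved cryptography is used.",
         "question": "Which algorithms are used, and are they approved?"},
        {"@id": "63B:5.1.7.1-4", "@type": "Requirement", "level": "SHOULD",
         "text": "The device requires a physical input (e.g., a button "
                 "press) to operate.",
         "question": "Does the device require a physical input?"},
    ],
}


def index_nodes(doc):
    """Map @id -> node for a JSON-LD document in @graph form."""
    return {node["@id"]: node for node in doc["@graph"]}


def assess(doc, section_id, claims):
    """Walk the section's edges and evaluate the CSP's answers.

    claims: {requirement_id: {"answer": bool, "evidence": str}}, as the
    assessor records them against the questions. Returns (conforms,
    findings). Every 'requires' edge must be answered yes WITH evidence;
    'recommends' edges only yield observations. An unanswered SHALL, or
    a yes with no evidence behind it, is a FAIL rather than a pass.
    """
    nodes = index_nodes(doc)
    section = nodes[section_id]
    findings, conforms = [], True
    for edge, mandatory in (("requires", True), ("recommends", False)):
        for rid in section.get(edge, []):
            req = nodes[rid]
            claim = claims.get(rid)
            met = bool(claim and claim.get("answer") and claim.get("evidence"))
            if mandatory and not met:
                conforms = False
            if mandatory:
                status = "PASS" if met else "FAIL"
            else:
                status = "MET" if met else "OBSERVATION"
            findings.append({"id": rid, "level": req["level"], "met": met,
                             "status": status, "question": req["question"]})
    return conforms, findings


# Constructed CSP claims; the SHOULD (…-4) is deliberately left unanswered.
SAMPLE_CLAIMS = {
    "63B:5.1.7.1-1": {"answer": True, "evidence": "ECDSA P-256, vendor spec s3"},
    "63B:5.1.7.1-2": {"answer": True, "evidence": "128-bit nonce, server config"},
    "63B:5.1.7.1-3": {"answer": True, "evidence": "FIPS 140 validation on file"},
}

if __name__ == "__main__":
    ok, report = assess(SPEC_63B_5_1_7_1, "63B:5.1.7.1", SAMPLE_CLAIMS)
    print("conforms:", ok)
    print(json.dumps(report, indent=2))
```

The point of the edge types is that the verdict is computed from the graph rather than from the assessor's reading of the prose: a missing or evidence-free answer on a "requires" edge fails the section, while a "recommends" edge can never fail it, which is what makes two assessors arrive at the same conclusion from the same claims.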

 
AUDIO/VIDEO FILE: 