IAWG Meeting Minutes 2012-02-08

Attendees:

Myisha Frazier-McElveen
Bill Braithwaite
Nathan Faut
Linda Goettler
Rich Furr
Joe Stuntz
Patrick Curry
Richard Wilsher
Brownell Combs
John Bradley

Guests:
Jim Schmankie
Faith Gibson

Apologies:
Richard Trevorah
Ben Wilson

Staff:
Anna Ticktin

Minutes:

1. Administrative:

• Roll Call

• Motion for minutes approval: 1 Feb 2012
• Rich moves to approve the minutes. Bill seconds . With no further discussion or objection, the minutes are approved as recorded.

Action item review:

• None / tabled

2. Kantara Assessment Review (KAR Report)

• Fed audit letter:  http://www.idmanagement.gov/fpkipa/documents/audit_guidance.pdf
• Web Trust guidance (see Appendices for the letters templates):  http://www.webtrust.org/principles-and-criteria/item27818.pdf

Discussion:

• Audits should be done and qualified against a specific document set. (IT assessments)
• Remediation plan is enacted and executed, sometimes in parallel with the assessment as issues arise.
• The final certified letter should include : Who is the assessor and what are their qualifications? (re-iteration of accreditation and re-lisiting of certifications). "We the assessor did these things against this assessment. The language which asserts to what the assessor attested to and completed."
• Boilerplate paragraph could clearly communicate some additional material without violating the format of the official report.
• The AQR needs to be reviewed and address any doubt or confusion as to the express need and/or form of this pro forma.
• Ultimately , the format should suit Kantara's need.

• ACTION ITEM : 20120208-01 Anna will coordinate the KAR volunteers (inclusive of RGW, Deloitte and Touche, eValid8, KPMG and Electrosoft folks) via a list thread and the IAWG will expect some draft language to review in two weeks time (22 Feb 2012).

3. US FPP  & LC feedback

• The wg addressed editorial changes implemented by David Wasley based on LC recommendations.
• This draft will be re-circulated inclusive of the comments, the word version as well as the final pdf for those unable to dial-in today to review and provide feedback. The group will look to approve this document on next week's call pending quorum, otherwise it will be immediately taken to the list for an eballot.

4. Point-in-time vs Period-of-time Discussion Con'td

• See list thread for latest discussion on proposed language (Titled :  [WG-IDAssurance] Day Zero and Period of Time Language, Dated : 2 Feb 2012)
• Did not discuss. Carried to the next agenda.

5. IAF Stack Edits

• Next steps
• Did not discuss. Carried to the next agenda.

6. AOB

Adjourned