Attendees

Denny Prvu

Scott Shorter

Andrew Hughes

Mark Hapner

Ken Dagg

Don Campbell

Richard Wilsher

Colin Wallis

Key discussion items

Richard shared the spreadsheet KIAF-1430 63A_SAC v0.0.2.xlsx that addresses IAL 2 and includes guidance on work sheets T5-1, T5-2 and T5- 3. He will collate all the comments so the group can resolve them all together. The guidance includes how you gather the evidence.
Scott commented that it is a constructive tool to see how to demonstrate compliance and it is within his idea of the assessment methods.
Andrew added that we can create a filter to better search within the criteria documents.
Scott said that retaining information about the applicability at IALs is something that we have to add for the final product.
Richard will create small columns and just flag IAL 1, 2 and 3 that will allow us to show where these things apply.
Scott said that next steps for the group would be to review the criteria and provide comments in the spreadsheet.

Richard clarified that the spreadsheet is the word text + evolution so it is the latest version.
Richard provided an example where he twisted the NIST text:

Requirement: Identity Should not be used to determine suitability or entitlement to gain access

Tag: 63A#0010

KI criterion: The CSP SHALL NOT perform identity proofing to determine suitability or entitlement to gain access to services or benefits.

Agreement:

The group agreed to work on the spreadsheet that Richard provided.

Action items:

The group to review the criteria in the KIAF-1430 63A_SAC v0.0.2.xlsx and provide comments.
Scott to transfer the comments from KI 1430 63A_SAC v0.05 - SS doc. to the spreadsheet.
The group to review the feedback in the next meeting.

Browser not supported