Published-06-17-17-2017-09-07 Draft Minutes

Attendees

Denny Prvu 

Scott Shorter 

Andrew Hughes 

Mark Hapner

Ken Dagg

Don Campbell

Richard Wilsher

Colin Wallis


Key discussion items 

  • Richard shared the spreadsheet KIAF-1430 63A_SAC v0.0.2.xlsx that addresses IAL 2 and includes guidance on work sheets T5-1, T5-2 and T5- 3.  He will collate all the comments so the group can resolve them all together. The guidance includes how you gather the evidence.
  • Scott commented that it is a constructive tool to see how to demonstrate compliance and it is within his idea of the assessment methods. 
  • Andrew added that we can create a filter to better search within the criteria documents.
  • Scott said that retaining information about the applicability at IALs is something that we have to add for the final product.
  • Richard will create small columns and just flag IAL 1, 2 and 3 that will allow us to show where these things apply.
  • Scott said that next steps for the group would be to review the criteria and provide comments in the spreadsheet.
  • Richard clarified that the spreadsheet is the word text + evolution so it is the latest version.
  • Richard provided an example where he twisted the NIST text: 

 Requirement:  Identity Should not be used to determine suitability or entitlement to gain access           

Tag: 63A#0010               

KI criterion: The CSP SHALL NOT perform identity proofing to determine suitability or entitlement to gain access to services or benefits.


Agreement: 

The group agreed to work on the spreadsheet that Richard provided. 


Action items:

  • The group to review the criteria in the KIAF-1430 63A_SAC v0.0.2.xlsx and provide comments. 
  • Scott to transfer the comments from KI 1430 63A_SAC v0.05 - SS doc. to the spreadsheet.
  • The group to review the feedback in the next meeting.