Cloud Key Management

Kind reminder of tomorrow's working group call!

    Posted May 30, 2023 12:48:00 PM

    Dear members,
    This is the usual kind reminder of tomorrow's working group call.

    Below you can find the agenda for your convenience. 

    Please fulfill the assigned action items and let's discuss on the call any concerns.

    • Document 1: HSM-as-a-Service:
      • Marina to check the previous Cloud Key Mgmt papers in order to recognize any references to HSM from the CSP/on-prem perspective and perhaps include the non-CSP perspective (on-prem) in this paper. (Check footnotes for Utimaco, Entrust mentions, etc.)
      • Sam ( @Sam Pfanstiel) to address and resolve comments made to section 1 by Thanos and Alex.
      • Carlos ( @Carlos Rombaldo Junior) to write use case of section 3.5 - Full Homomorphic Encryption
      • Iain ( @Iain Beveridge ) to write section 5.2.1 - General Purpose HSM
      • Simon Keates to write section 5.2.2 - Payments HSM
      • Tim ( @Tim Winston) to write in paragraph mode the bullet points he has included in sections 6.1 and 6.2 - Physical and Logical Security Controls
      • Simon Keates to write section 6.3 - Multi-tenant Segregation
      • Alex ( @Alex Sharpe) to write section 8 - Key Mgmt Considerations, which will be linked with the Key Mgmt Best practices parallel document.
      • Sam ( @Sam Pfanstiel) to review and approve section 9 - Governance written by Rajat Dubey.
      • Sam ( @Sam Pfanstiel) to review and approve section 10 - Vendor Selection Best Practices written by Rajat Dubey.
    • Document 2: Key Mgmt Lifecycle Best Practices
      • Working group to discuss Thanos' comment on including the key phases as are defined in the NIST 800-57pt1 rev.5 document as discussed initially.
      • Michael Roza ( @Michael Roza) to write the 3.2.5 Key Revocation section.
      • Sam ( @Sam Pfanstiel) to write section 3.2.7. Key Auditing.
      • Marina to write section 3.2.8 Key Destruction.
      • Vani ( @Vani Murthy) to write section 4.1 Compliance and Regulatory Requirements.
      • Vasan Kidambi to write section 4.2 - Technical Considerations
      • Rajat ( @Rajat Dubey) to write section 4.3 - Operational Considerations
      • Vanesa Arias to write section 4.4 - Financial Considerations
      • Vani ( @Vani Murthy) as section 4 lead, to review section 4.5 written by Vasan Kidambi.
      • Santosh ( @Santosh Bompally ) to include missing diagrams and references in section 5.1 - Deployment Approach
      • Santosh ( @Santosh Bompally) to review and approve/disapprove content added in section 5.2 - Deployment Considerations, by Amit Butail.
      • Rajat ( @Rajat Dubey) to write section 5.3 - Operations and Maintenance
      • Carlos ( @Carlos Rombaldo Junior) to write section 5.4 Auditing Requirements.
      • Partha, Sunil, Santosh ( @Sunil Arora / @Santosh Bompally ) to review and approve/disapprove additional text included in section 7 - On-prem Considerations by Parth Jamodkar.

    To connect on the call:

    Wednesday, 31st May, at 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 18:00 EET.
    (https://zoom.us/j/93617880747 Meeting ID: 936 1788 0747)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------