Cloud Key Management

Meeting Minutes May 31st, 2023.

    Posted Jun 08, 2023 01:00:00 PM

    Dear members,

    Below you can find the minutes from our working group call on the 31st of May.

    Discussion:
    Are we adding 'Key Loading' in the Key Lifecycle diagram?

    Previous action items:

    • Document 1: HSM-as-a-Service:
      • Marina to check the previous Cloud Key Mgmt papers in order to recognize any references to HSM from the CSP/on-prem perspective and perhaps include the non-CSP perspective (on-prem) in this paper. (Check footnotes for Utimaco, Entrust mentions, etc.) - PENDING
      • Sam to address and resolve comments made to section 1 by Thanos and Alex. - In progress
      • Carlos to write use case of section 3.5 - Full Homomorphic Encryption - PENDING
      • Iain to write section 5.2.1 - General Purpose HSM - PENDING
      • Simon Keates to write section 5.2.2 - Payments HSM - PENDING
      • Tim to write in paragraph mode the bullet points he has included in sections 6.1 and 6.2  - Physical and Logical Security Controls - PENDING
      • Simon Keates to write section 6.3 - Multi-tenant Segregation - In progress
      • Alex to write section 8 - Key Mgmt Considerations, which will be linked with the Key Mgmt Best practices parallel document. - PENDING (Sunil Arora is taking this section)
      • Sam to review and approve section 9 - Governance written by Rajat Dubey. - PENDING
      • Sam to review and approve section 10 - Vendor Selection Best Practices written by Rajat Dubey. - PENDING
    • Document 2: Key Mgmt Lifecycle Best Practices
      • Working group to discuss Thanos' comment on including the key phases as are defined in the NIST 800-57pt1 rev.5 document as discussed initially. - DONE
      • Michael Roza to write the 3.2.5 Key Revocation section. - PENDING
      • Sam to write section 3.2.7. Key Auditing. - PENDING
      • Marina to write section 3.2.8 Key Destruction. - DONE
      • Vani to write section 4.1 Compliance and Regulatory Requirements. - DONE
      • Vasan Kidambi to write section 4.2 - Technical Considerations - PENDING
      • Rajat to write section 4.3 - Operational Considerations - DONE
      • Vanesa Arias to write section 4.4 - Financial Considerations - DONE
      • Vani as section 4 lead, to review section 4.5 written by Vasan Kidambi. - PENDING
      • Santosh to include missing diagrams and references in section 5.1 - Deployment Approach - PENDING
      • Santosh to review and approve/disapprove content added in section 5.2 - Deployment Considerations, by Amit Butail. - PENDING
      • Rajat to write section 5.3 - Operations and Maintenance. - DONE
      • Carlos Rombaldo to write section 5.4 Auditing Requirements. - PENDING
      • Partha, Sunil, Santosh to review and approve/disapprove additional text included in section 7 - On-prem Considerations by Parth Jamodkar. - PENDING

    New action items to be finalized by June 13th:

    Document 1: HSM-as-a-Service:

    • Marina to check the previous Cloud Key Mgmt papers in order to recognize any references to HSM from the CSP/on-prem perspective and perhaps include the non-CSP perspective (on-prem) in this paper. (Check footnotes for Utimaco, Entrust mentions, etc.)
    • Santosh ( @Santosh Bompally), please address the comment made for the introduction paragraph by Sam in section 4: Responsibilities.
    • Iain ( @Iain Beveridge) to ask his colleague about insight regarding the eIDAS use case.
    • Iain ( @Iain Beveridge ) to write section 5.2.1 - General Purpose HSM
    • Sam ( @Sam Pfanstiel) to address and resolve comments made to section 1 by Alex Rebo. 
    • Sam ( @Sam Pfanstiel) to review and approve section 9 - Governance written by Rajat Dubey.
    • Sam ( @Sam Pfanstiel) to review and approve section 10 - Vendor Selection Best Practices written by Rajat Dubey.
    • Carlos ( @Carlos Rombaldo Junior) to write use case of section 3.5 - Full Homomorphic Encryption
    • Simon Keates to write section 5.2.2 - Payments HSM 
    • Simon Keates to write section 6.3 - Multi-tenant Segregation
    • Tim ( @Tim Winston) to develop in paragraph mode the bullet points he has included in sections 6.1 and 6.2  - Physical and Logical Security Controls
    • Thanos ( @Thanos Vrachnos) please review section 7.1 and 7.1.1 added by Bruno.
    • Thanos ( @Thanos Vrachnos) to check with his contacts about the possibility of sharing data to use for the eIDAS use case.
    • Sunil ( @Sunil Arora) to write section 8 - Key Mgmt Considerations, which will be linked with the Key Mgmt Best practices parallel document.

    Document 2: Key Mgmt Lifecycle Best Practices

    • Alex ( @Alex Sharpe) will you please review the additional text written in section 2.5 Encryption Overview by Parth?
    • Sam ( @Sam Pfanstiel) to write section 3.2.7. Key Auditing.
    • Michael Roza ( @Michael Roza) please write section 3.2.6 Key Revocation.
    • Marina to write section 3.2.3 Key Use.
    • Partha to please address comments made by Alex Sharpe and Alex Rebo, and review and do a sanity check of section 2 - Key Mgmt Refresher, where Partha is the lead author.
    • Partha to please review section 4.1 Compliance and Regulatory Requirements, written by Vani.
    • Vasan Kidambi please write section 4.2 - Technical Considerations.
    • Vani ( @Vani Murthy) as section 4 lead, to review and provide feedback to the subsections 4.3, 4.4, 4.5 that Rajat, Vanesa and Vasan have submitted.
      As the Lead for section 4 you need to check and decide on the flow, the content and the "voice" of the subsections that fall under you.
    • Santosh ( @Santosh Bompally) please review additional content added under 2.4.1 by Vasan.
    • Santosh ( @Santosh Bompally ) to include missing diagrams and references in section 5.1 - Deployment Approach
    • Santosh ( @Santosh Bompally) to review and approve/disapprove content added in section 5.2 - Deployment Considerations, by Amit Butail.
    • Santosh ( @Santosh Bompally) please review section 5.3 - Operations and Maintenance written by Rajat.
    • Carlos ( @Carlos Rombaldo Junior) please write section 5.4 Auditing Requirements.
    • Carlos ( @Carlos Rombaldo Junior) and Vasan Kidambi please write section 6 - Industry Specific differences.
    • Partha, Sunil, Santosh ( @Sunil Arora / @Santosh Bompally ) to review and approve/disapprove additional text included in section 7 - On-prem Considerations by Parth Jamodkar.
    • @All: Are we adding 'Key Loading' in the Key Lifecycle diagram?

    Next working group call:

    Wednesday, 14 June, at 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 18:00 EET.
    (https://zoom.us/j/93617880747 Meeting ID: 936 1788 0747)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------