
Minutes of the Compliance Automation Revolution Stakeholder Meeting Thursday February 13th, 2025


    Attendees:

    Name                          Organization
    Andy Ruth                     CSA
    Daniele Catteddu              CSA
    Eileen Sciarra                CSA
    Hillary Baron                 CSA
    John DiMaria                  CSA
    Kasia Chaberski               CSA
    Larry Hughes                  CSA
    Lefteris Skoutaris            CSA
    Troy Leach                    CSA
    Adam Shnider                  Coalfire
    Akash Verma                   Google
    Antonio Tandoi                Deloitte
    Ardiana Prekazi               Deloitte
    Binita Prad                   BDO
    Dominik Vleming               CSA
    Ethan Altman                  Anecdotes
    Fabio Battelli                Deloitte
    Fabrizio Antonio Lo Bianco    Deloitte
    Giacomo Calvigioni            Deloitte
    Luca De Candia                Deloitte
    Megan Czaplinski              CSA
    Pamela Fusco
    Matteo Lucantonio             Deloitte
    Melissa Yu                    Google
    Michaela Iorga                NIST
    Michelle Reister              Anecdotes
    P. Subrahmanyam               Stanford University
    Roberto Tanzi                 Deloitte
    Ruchi Khurana                 Google
    Thomas Volpe                  RegScale
    Vikram Khare                  Google

    Agenda:

    ·      Welcome and new participant intros

    ·      RSA launch

    ·      RSA meeting

    ·      Working group 1 and 2

    ·      Webinars

    ·      AOB (any other business)

    Summary:

    The meeting commenced with a review of the agenda and then the introduction of new members, including P. Subrahmanyam (who goes by Subra) with Stanford University, Fabio Battelli with Deloitte, Giacomo Calvigioni, also from Deloitte, and Ethan Altmann from Anecdotes. Daniele Catteddu announced that the official launch of the CAR initiative will be at the RSA summit on April 28, inviting members to participate and submit statements of support. The team discussed the timeline for launching working groups, potentially delaying it until the end of April, and emphasized the need for a solid draft of the charters. They also addressed the regulatory analysis related to OSCAL and compliance engineering best practices. To prepare the charters for the working groups, attendees agreed to use Google Docs. A proposal to move future meetings from Fridays to Thursdays was made. Andy Ruth took the action item to create a poll with options for different times to host the meeting. Updates on upcoming events were provided, and the meeting concluded with a decision to adjust the next meeting date to accommodate upcoming time zone changes.

    Action Items:

    ·      Andy to use Google Docs to share templates for the first two working groups so that attendees can start drafting the charters for the two groups with a goal of having the drafts complete by the upcoming RSA conference.

    ·      All - Daniele requested statements of support from attendees in anticipation of the announcement at RSA. The statement is just a short statement from you or your company supporting this initiative, along with a picture of you to add to the webpage for OCF.

    ·      All – if you are going to RSA and have ideas or additional activities we should have during our CSA meetup, please let Daniele ([email protected]) or Eileen ([email protected]) know. Also, please confirm with Eileen and Andy at your earliest convenience so we can complete our planning.

    ·      All – We want to have the charter for Working Group 1 (CAR-Regulatory-Analysis-Working-Group-Charter-Mar-2025.docx) and Working Group 2 (CAR-Controls-Catalog-Working-Group-Mar-2025.docx) in a finalized state prior to RSA so that we can review them and make any minor changes once we lock in the initial sponsors and active participants. We all have editor permissions, so make the changes you think the charters need or comment on edits made. Once you look at the charter templates, please let Andy Ruth know if you think we need working meetings to collaborate on the docs.

    ·      All – We will need co-chairs to drive these two working groups. Please be thinking of nominating someone (including yourself) to co-chair a working group. The primary duties are to drive participation, help set the agenda, and run the meetings.  

    ·      All – CSA wants to host some more webinars prior to RSA in order to drive additional interest and buzz. Have an idea for a webinar? Please email Andy ([email protected]) with your ideas.

    ·      All - There was discussion of moving the meetings from the first Friday of the month to another day of the week that is more friendly to eastern Europe where they are starting their weekend by the time of the meeting. Please complete the Doodle poll by March 19, 2025 with your preferences for when the meeting should be held. We'll update the series based on the results starting with the meeting in April.   


    Additional Detail:

    Meeting welcome and new participant introductions
    The meeting agenda was shared and Daniele commented on this being the 8th meeting in the series, and that the initial draft of the working groups is to be shared, indicating a progression towards collaborative efforts.

    Introductions of new members were made:

    ·      P. Subrahmanyam (who goes by Subra) with Stanford University, a long-time CSA participant and ready to get active again.

    ·      Fabio Battelli, with Deloitte, leads the cybersecurity team.

    ·      Giacomo Calvigioni has been working in cloud strategy and architecture service line for five years and is part of Deloitte, Italy.

    ·      Ethan Altmann leads the product solutions domain at Anecdotes, a GLC automation solution.

    ·      Pamela Fusco was able to join by phone.

    Daniele Catteddu is in discussions with potential new members, including Prashant from Salesforce, to grow the community. Daniele urged attendees to spread the word through their network to generate additional participation. The discussion included launching initial working groups and planning for a marketing strategy going forward.

    Announcement of Launch at RSA
    The official launch for the CAR initiative will take place during the CSA summit at RSA on April 28th. Members are invited to register for the summit, which is free to attend, and should check the RSA main page for registration details.

    Daniele Catteddu requested statements of support from members in anticipation of the launch. Daniele requested participants to provide a short statement of support along with their picture and name for the website, indicating the urgency to start this process immediately.

    Meetup at RSA
    The proposed date for the meetup is April 29th, from 10:30 AM to 12:30 PM, followed by lunch, at a location close to Moscone. Daniele mentioned that there are currently 23 confirmed attendees for the RSA meetup, indicating a growing interest in the initiative.

    Daniele encouraged participants to share any ideas or suggestions for additional activities during the RSA meetup, indicating a collaborative approach to planning.

     

    Discussion on Working Group Launch Timeline
    The decision was made to potentially delay the launch of the first two working groups until the end of April, pending feedback from the team. There was a concern about whether the delay would affect the involvement of new stakeholders who might want to join as decision-makers or co-chairs.


    The team aims to finalize a draft of the charters for both working groups before the RSA announcement, allowing for minor adjustments if necessary due to new developments. It was decided that all new members joining by RSA will have equal opportunities to become co-chairs, promoting fairness in the onboarding process.

    Michaela raised a concern about the impact of the announcement and suggested using social media to disseminate information effectively, especially considering the federal government's travel freeze.

     

    Working Group Charter Development
    It was decided that the election of co-chairs will take place after the RSA event, indicating a formal process for leadership selection. The team will work on finalizing the purpose of the working group and begin drafting the charter, which will include a description of the group's responsibilities and deliverables. The working group will utilize a standard CSA research template to guide the development of the charter and deliverables.

    Regarding analysis and OSCAL mapping, the prototype model discussed is an enhanced version that has been tested and is awaiting community feedback to ensure robustness for a larger set of use cases. The collaboration with NIST and CIS is relevant to OSCAL, focusing on standardizing the concept of mapping between different controls.

    In the matter of compliance engineering and best practices, Daniele expressed a concern about the need to refine the bullet points from the discussion to ensure clarity and effectiveness in guiding compliance engineering efforts.

    The next steps involve finalizing the charter and preparing for co-chair elections, with a call for contributors and volunteers planned to occur leading up to the RSA event.

    Miscellaneous Topics
    The team agreed to use Google Docs for collaboration, where members can add comments and suggested edits. Andy Ruth is open to setting up meetings for further discussion, indicating a collaborative approach moving forward.


    For continuation of the series of webinars already available, the team is tasked with brainstorming ideas for an additional panel webinar before the RSA event. Suggestions should be sent to Andy Ruth for further planning.

    As an update on the survey, it is still on hold, and no specific reasons were provided for this delay. The team needs to consider when to launch and release the survey.

    Daniele mentioned that the current meeting schedule poses challenges for some members, indicating a need for change. The decision to conduct a poll to determine the preferred meeting day was agreed upon. The link to the poll is in the action items.

    The RSA launch is scheduled for April 28, and the CAR Stakeholders' Meeting is on April 29. Participants are requested to confirm their attendance to Andy and Eileen for the upcoming events.

    To have the charters for the working groups in final draft form, input is needed from participants. The charters cover Working Group One (regulatory analysis) and Working Group Two (control catalog).

    The United States will change its time zone this weekend (March 9th), while Europe will change a couple of weeks later (March 30th), before the next meeting scheduled for April 4th. Michaela expressed concern about her availability for the next meeting due to overlapping commitments, as the time change will affect her schedule. It was decided to move the next meeting based on the results of the poll to shift the meeting.



    ------------------------------
    Andy Ruth
    Cloud Security Alliance
    [email protected]
    ------------------------------