Quantum-Safe Security

  • 1.  Reviewers Wanted: QSS Governance/Security Controls Project

    Posted Mar 13, 2024 09:41:00 AM

    The Governance/Security Controls subgroup is ready for review of some of their work. The QSS relevant additions and revisions are in the Implementation Guide column in the Implementation Guide sheet. Please provide your feedback via comments directly in the spreadsheet. 

    https://docs.google.com/spreadsheets/d/1QDcgd6gecTlusD3xf5Ns4GEpnHbVk-JP/edit#gid=1050476024

    Please reach out to myself or John if you have any questions.



    ------------------------------
    Hillary Baron
    Sr Technical Director
    CSA
    ------------------------------


  • 2.  RE: Reviewers Wanted: QSS Governance/Security Controls Project

    Posted Mar 15, 2024 09:48:00 AM

    Today, Igor, Nuno and I met. I granted Igor access to the QSS Governance folder. We decided

    • The Implementation Guidelines and Audit Guidelines are what the sub-WG add or revise
    • Any addition or revision to the Control Specification should be brought to the CCM WG or get CSA support.


    ------------------------------
    John Jiang
    ------------------------------



  • 3.  RE: Reviewers Wanted: QSS Governance/Security Controls Project

    Posted 20 days ago

    Today, Guncha, Igor and I met. We introduced to Guncha the changes of the document format since her last meeting with the group. We discussed the additions that Igor proposed via email on CEK-19, 21 and DSP-01 and DCS-05. Igor will put in proposed additions in Guideline columns in the spreadsheet. Addition to Controls or revision of Control Specifications are out of the scope and should be brought to the CCM WG.



    ------------------------------
    John Jiang
    ------------------------------



  • 4.  RE: Reviewers Wanted: QSS Governance/Security Controls Project

    Posted 13 days ago

    Today, Guncha, Igor, and John met. Igor presented his write-up in a Word document, which contains end-end implementation steps for Controls CEK-19, 21, DSP-01, CCC-01. John suggests Igor re-write and expand it into a QSS implementation guide targeting security GRC persons who are not familiar with both CSA CCM and QSS. John suggests the current work of adding QSS steps to the implementation and audit guides targets the audience who are familiar with the CCM but not familiar with QSS. As next steps, John suggests 1) merge the proposed QSS additions to the current CCM implementation and audit guides in draft (vs. the published version) and, 2) consult the WG on the next scope of review.



    ------------------------------
    John Jiang
    ------------------------------