Dear members,
This is a kind reminder of our working group's call scheduled for tomorrow, Wednesday, 17 May at 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 17:00 CET / 18:00 EET.
Agenda and action items:
- Document 1: Key Mgmt Lifecycle Best Practices
- Working group to discuss Thanos' comment on including the key phases as are defined in the NIST 800-57pt1 rev.5 document as discussed initially.
- All authors to please address and resolve comments made to their particular sections. Either incorporate or justify why the comment is not being addressed.
- Marina to put out a call for additional authors to contribute to 3.2.2, 4.2, 4.3, 4.4 and 4.5, 5.2, 5.3. Perhaps practitioners that already works on these topics.
- Partha to add the overview content of the section 3. Dive deep into each item in the life cycle.
- Iain ( @Iain Beveridge) to please update the diagram with the Key Mgmt lifecycle according to the terminology and the phases we are using in this paper. (Under section 3.1, page 22)
- Michael Roza ( @Michael Roza) to write the 3.2.5 Key Revocation section.
- Sam ( @Sam Pfanstiel) to write section 3.2.7. Key Auditing.
- Marina ( @Marina Bregkou) to write section 3.2.8 Key Destruction.
- Vani ( @Vani Murthy) to write section 4.1 Compliance and Regulatory Requirements.
- Partha, Sunil and Santosh will include some content for a new section called 'On-prem Considerations' which is to cover the cloud and on-prem instantiations. It has a placeholder as section 7 for now at the end of the document.
- Document 2: HSM-as-a-Service:
- Thanos ( @Thanos Vrachnos) and Santosh ( @Santosh Bompally) to review section 1 written by Sam.
- Sam ( @Sam Pfanstiel) to provide feedback to Thanos questionnaire on identifying additional drivers for HSM-as-a-Service.
- Thanos ( @Thanos Vrachnos) to include a new question as the first one of the survey asking the respondent: 'Are you familiar with the 'HSM-as-a-Service' term?' After that the rest of the survey, with its term and purpose description can follow.
- Thanos ( @Thanos Vrachnos) include a short term (HSM-as-a-Service) and purpose description on the top of his survey on HSM drivers.
- Marina to check the previous Cloud Key Mgmt papers in order to recognize any references to HSM from the CSP/on-prem perspective and perhaps include the non-CSP perspective (on-prem) in this paper. (Check footnotes for Utimaco, Entryst mentions, etc.)
To connect on the call:
URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------