Cloud Key Management

  • 1.  Meeting Minutes 19th April+Reminder of tomorrow's WG call.

    Posted May 02, 2023 12:27:00 PM

    Dear members,

    Please find below the minutes from our April 19th call and the action items for tomorrow's working group call.

    Previous action items:

    HSM-as-a-Service document:

    • Partha to provide an intro paragraph on section 6. Security Considerations, for which he is lead author. - DONE
    • Thanos to write section 5.1 and 5.2 (Intro to HSM and Types of HSM respectively). - DONE
    • Sam to develop section 1 (1.2 and 1.3 and 1.4) in paragraph form. - PENDING
    • Thanos to work on section 5.2: HSM Types - DONE
    • Tim to work on the PIN (Priority number: 1) and the P2PE Use Case (Priority number: 2). - DONE

    Key Mgmt Lifecycle Best Practices document:

    • Partha to review the sections that are populated (respectively: section 2 with 2.2, 2.3, 2.4, 2.5, 2.6, and 3.2.1) - PENDING
    • Santosh to add an introduction paragraph to section 2.6 describing how it relates to what you are presenting below. - DONE
    • Thanos to please review section 2.2 and 2.4 and 2.5 -  PENDING
    • Vrettos to please review section 2.5 - PENDING
    • Santosh to write section 3.2.4-Key Storage - DONE
    • Sam will write section 3.2.7-Key Auditing - PENDING
    • Alex will include Crypto Agility in 2.1-KMS Overview. - PENDING

    New action items:

    HSM-as-a-Service document:

    • Sam ( @Sam Pfanstiel) to develop section 1 (1.2 and 1.3 and 1.4) in paragraph form.
    • Alex ( @Alex Sharpe ) to author section 8: Key Mgmt Considerations?
    • Author needed for section 10: Vendor Selection Best Practices.

    Key Mgmt Lifecycle Best Practices document:

    • Partha to review the sections that are populated (respectively: section 2 with 2.2, 2.3, 2.4, 2.5, 2.6, and 3.2.1)
    • Thanos ( @Thanos Vrachnos) to please review section 2.2 and 2.4 and 2.5
    • Vrettos ( @Vrettos Moulos) to please review section 2.5
    • Sam ( @Sam Pfanstiel), will write section 3.2.7-Key Auditing
    • Alex ( @Alex Sharpe) will include Crypto Agility in 2.1-KMS Overview
    • Authors for Section 4: 'Planning for Key Management Lifecycle Solution': 4.2 Technical, 4.3 Operational, 4.4 Financial Considerations, 4.5 Recommended Best Practices.

    Next working group call: Wednesday, May 3rd.
    Time: 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 18:00 EET
    URL: https://zoom.us/j/93617880747 (Meeting ID: 936 1788 0747)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------


  • 2.  RE: Meeting Minutes 19th April+Reminder of tomorrow's WG call.

    Posted May 02, 2023 03:00:00 PM

    Thank you, @Marina Bregkou. I also have the action to draft "3.1 Lifecycle Overview" after the diagram has been updated.

    Didn't I also get an action to draft the Governance section of one of the documents?

    Cheers,
    alex.
    My plan is to attend at least part of Wednesday's call. Unfortunately, there is a conflict with another CSA call.



    ------------------------------
    Alex Sharpe
    Principal
    Sharpe42
    [email protected]
    Co-Chair Philosophy & Guiding Principles Working Group
    Co-Chair Organizational Strategy & Governance Working Group
    ------------------------------



  • 3.  RE: Meeting Minutes 19th April+Reminder of tomorrow's WG call.

    Posted May 03, 2023 02:37:00 AM

    Hi @Alex Sharpe ,

    Yes, you do and I have tagged this sections with your email address on the working document. That is where we keep track of all assigned volunteers to each section.

    This post is not about all action items a person has, it's about the minutes from the last call and what needs to be completed for the next upcoming call.

    That's why I didn't include section9-Governance, as I wanted to verify with you on the call that you will be able to undertake it, and which time-frame that will be.
    As for the 3.1 Lifecycle Overview" after the diagram has been updated, the diagram has not been updated yet, so this will need to be discussed on the call as well, before marking it as an action item for next time.

    See you on the call later and let's discuss more!

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------