Cloud Key Management

Back to discussions
Expand all | Collapse all

Meeting Minutes 4th October 2023.

  • 1.  Meeting Minutes 4th October 2023.

    Posted Oct 11, 2023 06:08:00 AM
    Edited by Marina Bregkou Oct 11, 2023 06:14:37 AM

    Dear members,

    Below you can find the meeting minutes from our working group call on the 4th of October.

    Minutes:

    • The Key Mgmt Lifecycle Best Practices document will be under peer review until the 26th of October.
    • In the beginning of the hour we went through some of the feedback that has been already provided through the peer review process.

    Previous action items:

    Document 1 - Key Mgmt Lifecycle Best Practices: All action items have been addressed and the document has been in peer review since the end of September.

      • Partha to review section 4 - Planning for Key Management. and re-structure if necessary. - DONE

      • Partha to review section 6 - Industry Specific Differences (page 51) and decide if the content adds value to the paper or not. - DONE

      • Partha to address/resolve all existing comments in page 8 and 9. - DONE

      • ALL Authors to review their respective sections and address - resolve existing comments. E.g. Sam in page 33, Michael page 27, Sunil page 19, 20, 24-26Santosh in page 19, 20, 23, 25, 48, Iain in page 15, Aakash in page 13, 14, Alex in page 10-12, etc. - DONE

    Document 2: HSM-as-a-Service:

    • Iain to review the content added by Marina in the eIDAS use case, page 21. Iain to review and approve/comment the paragraph on CC Thanos added in 5.2, page 35, 36. - DONE

    • Partha to finish the comparison table (Marina started) that includes the physical and logical security controls side by side in section 6, page 40. - DONE

    • Sam to review section 7, and section 8. Key Mgmt Considerations. - partially PENDING

    New action items:

    Document: HSM-as-a-Service:

    • Sam ( @Sam Pfanstiel) to update diagram 7: Overview of a simplified Logical Architecture of an HSM, page 34 by adding another box inside "Secure Hardware" for "Virtualization (if Applicable)" which encompasses the bottom four sections (Cryptographic Key Management, Cryptographic Operations, Authentication & Access Control, and Audit & Logging). Jim's suggestion is to make the concentric circle a dashed line instead of solid.
    • Sam ( @Sam Pfanstiel) to review section 7.2 and section 8. Key Mgmt Considerations.
    • Sam ( @Sam Pfanstiel) to re-write the intro paragraph in section 6, page 44.
    • Marina to map the CCM domains to the items of the table of physical and logical controls in page 45, section 6.

    Next working group call: 18th October

    Time: 08:00 a.m. PST / 11:00 a.m. EST / 16:00 GMT / 18:00 EET

    URL: https://zoom.us/j/93617880747  (Meeting ID: 936 1788 0747)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------