International Standardization Council

Minutes from the ISC Meeting August 18, 2023

    Posted Aug 18, 2023 09:15:00 AM
    Edited by JOHN DIMARIA Aug 18, 2023 11:12:42 AM
    • SC 27/38 updates:
      • SC/38 Liaison Report
      • 20996 - Operational Resilience
      • 27404 IoT security and privacy - Universal cybersecurity labeling framework for consumer IoT. - CTA and White House initiative
      • Call for contribution to the 4th WD of ISO/IEC 27090, Cybersecurity - Artificial Intelligence - Guidance for addressing security threats to artificial intelligence systems
      • ISO 20022 - Standard for the Financial Industry
        Read more at the ANSI Blog: ANSI/ASC X9 – Financial Services Industry Standards in a Fast-Changing World https://blog.ansi.org/?p=6962
    • NIST CSF 2.0 Draft 
    • Update the SDO liaison list.
    • OMG Update
    • SECtember Update

    SC38 and PWI 20996 

    Task | John will post the SC/38 Liaison report on the circle community.

    Important | John mentioned that they are interested in working on the 20996 operational resilience, which SC38 is pursuing.

    Fact | The next meeting for PWI 20996 is scheduled for the 24th, and the goal is to wrap up the PWI and have it queued up for a new work item proposal start.

    Important | SC38 workgroup 5 was presented with a proposal for a multi-part standard. Still, there doesn't seem to be enough support for it, so a contingency plan is to create a new workgroup in IEEE to work on it.

    Important | John DiMaria expressed his passion for Operational Resilience. He mentioned that he would consider being the convener of the standard or being involved in it, emphasizing the importance of getting it off the ground, whether in SC38 or IEEE.

    27404 IoT Security and Privacy  

    CSA has been collaborating with CTA. The White House made a submission on its IoT security and privacy initiative, so this becomes relevant to CSA and everyone else.

    Important | Other players have the option to approach the agency directly, state their adherence to the criteria set by the White House, and express their interest in becoming accredited. With the FCC taking on that role, they could outsource it, which calls into question the role of CTA.

    Artificial Intelligence - ISO/IEC 27090

    • Addressing security threats to artificial intelligence systems is a crucial part of CSA's portfolio, as highlighted by John DiMaria during the meeting.
    • CSA is also very heavily invested in research papers and artifacts related to AI.
    • CSA just had an AI Summit, which was a huge success.
      This is the guidance for addressing security threats to artificial intelligence systems.
      CSA has published a paper on threats, security, and risk issues related to AI.
      The ISC would be interested in understanding how others are addressing and using AI.
    • The American Bar Association has a couple of things going on in AI, and Eric Hibbard is involved in this project.

    NIST CSF DRAFT 2.0

    NIST issued a draft of the CSF 2.0 along with implementation use cases and is looking for public feedback. CSA is currently working on a response which is due in November. Historically CSA comments have been well received.

    ISO 20022 Standard for security in the financial services industry - X9.125 standard on cloud security and management for financial institutions

    CSA is very deeply invested in the financial industry area - John has a call scheduled with Troy Leech to discuss. Troy leads the Financial Services WG and anyone interested in this should contact Troy.

    The draft of the X9.125 standard on cloud security and management for financial institutions is completed except for one final review, which might happen next week.
    This sort of gives us some of that glue to bring everybody together in a common understanding that can be used as a foundation to build on.

    Other notes:

    Eric will share a list of IEEE standards listing what projects there were that mentioned cloud.

    OMG Report

    There is a working group formed to address data compliance taxonomies or domain vocabularies for compliance.
    This is an effort led by Dave Harris, and it's nearing completion of a draft. A draft was distributed a few days ago, and we now have about a week and a half to prepare a final draft, which will be posted to OMG members on the 28th in order to be submitted for a vote to approve at the quarterly meeting, which is the week of September 25 in Chicago. If anyone is in Chicago and wants to attend a cloud working group, they will have a short information session at that point.

    SDO liaison list 

    John mentioned that he doesn't know some of the people on the list and suggested that it needs to be updated or addressed in some way.

    The group agrees that updating is critical.

    John is responsible for distributing the list and sharing it as a Google Doc.

    To maintain access control, please request access.

    SECtember update

    SECtember is the week of September 18th and if anyone is attending, please contact John DiMaria to set up a meeting. John and David Harris are both speaking and it should be a great conference. John can provide discount codes to anyone that wants to attend.

    Due to the conference, the September ISC call will be canceled.



    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    ------------------------------