Date: Thursday, 20th July 2023, 08:56- 09:36 GMT-05:00
Attendees: John DiMaria, Dave Harris, CITCO, Eric Hibbard (Samsung), Michael Roza
Meeting Summary - You can view the recording here: MeetGeek
During the meeting, the team discussed approving the charter, with potential challenges in getting all members to agree.
It was agreed that John would resolve all the comments and send out the charter for e-approval.
Dave Harris sent a note about the September conference and plans to communicate with John DiMaria and Melissa later.
The Zero Trust working group was discussed, including the upcoming vote on the dis-ballot for 27006 part two and Japan's project on security frameworks for cyber-physical systems.
The privacy document 29100 is at a late stage and may be canceled if desired changes are not made.
There is a proposal to restructure the network security series focusing on Zero Trust, and a restructure of PWI is expected in October.
The paper on multi-jurisdictional compliance activities is officially out.
The conversation with the chair concluded that PWI 20996 will remain focused on business continuity and resilience. Eric discussed the possibility of IEEE pursuing Operation Resilience for cloud computing. There was a discussion about an upcoming workshop on Operation Resilience, and concerns were raised about gathering necessary people and engagement from financial institutions.
Highlights
Action: John DiMaria will contact the convener of SC42 and request that CSA be a liaison for that group convener is [email protected]
Action | Dave Harris sent a note to John DiMaria and Melissa about the September conference, and they plan to chat or communicate via email later today.
Zero Trust working group (12:9)
Discussion about the Zero Trust working group and its relation to other work groups
Fact | The US will be voting on the dis-ballot for 27006 part two in its August meeting, and Japan has submitted a project on security frameworks and use cases for cyber-physical systems, seeking support from other national bodies.
Important | The privacy document 29100 is at a very late stage and may be canceled if the desired change by the editor is not made.
Security Frameworks and Use Cases for Cyber-Physical Systems (4:49)
Japan has submitted a project on security frameworks and use cases for cyber-physical systems, and they are seeking support from national bodies.
Fact | The new attributes in 27002 are currently being discussed and consultation is underway, while the group is also facing a similar issue as SC38 had with 22123, where terminology can only be included if it is covered in the document itself.
Restructuring Network Security Series (7:55)
There is a proposal to completely restructure the network security series, with a focus on Zero Trust. A restructure PWI is expected to be launched in October.
Fact | The conversation with the chair concluded that PWI 20996 will remain focused on business continuity and resilience, which is a subset of operational resilience from a Basel perspective. The PWI report from the August meeting will highlight the identification of operational resilience as an area of interest.
Fact | The paper, which has gone through the edit peer review process, is now officially out, and it focuses on developing arrays for multi-jurisdictional compliance activities and requirements associated with data assets.
Important | Last week, Eric discussed with the SE 38 chair the possibility of IEEE pursuing Operation Resilience for cloud computing if SC 38 doesn't.
Operation Resilience Workshop (3:13)
Discussion about an upcoming workshop on Operation Resilience
Fact | The SD38 meeting is scheduled to take place from September 18th through the 22nd, and there is a workshop on Friday, September 15th in Washington, D.C.
Coverage for Operation Resilience (3:7)
Discussion about the coverage of Operation Resilience and the involvement of different organizations
Concern | Eric Hibbard is concerned that SC38 may not be able to gather the necessary people due to the complex national body structure and lack of engagement from financial institutions. John DiMaria also expresses uncertainty about how this would happen on the SC38 side.
Other updates:
ISO/IEC 22123-1:2023 (2nd Ed.) has been published
ISO/IEC FDIS 22123-2 (Cloud computing – Concepts) ballot ends on 2023-08-16
ISO/IEC FDIS 22123-3 (Cloud computing – Reference architecture) ballot ends on 2023-08-16
ISO/IEC DIS 5140 (Information technology - Cloud computing - Concepts for multi-cloud and the use of multiple cloud services) FDIS is being prepared
ISO/IEC TS WD 7339 (Cloud computing and distributed platforms - Cloud computing - Platform capabilities type and Platform as a Service (PaaS)) is under development
ISO/IEC 10866 (Information technology - Cloud computing and distributed platforms - Framework and concepts for organizational autonomy and digital sovereignty) is under development
ISO/IEC PWI 20996 (Information technology – Cloud computing and distributed platforms – Customer business continuity and resilience) is under development; NWIP is likely
ISO/IEC PWI 19274 (Cloud and Edge Networking Landscape) is under development
ISO/IEC PWI 20151 (Cloud computing and distributed platforms – Dataspaces) is under development
------------------------------
JOHN DIMARIA
ME
CSA
[email protected]------------------------------