Date: 15 Jun 2023, 09:00 CDT
Attendees: FABRITIUS, Willy ,SGS, Jim Angle, John DiMaria, Michael Roza, Steve Woodward (Canada and Liaison SC7 for SC38), HIBBARD Eric (20996 Co-Editor, IEEE), Claude Baudoin, ΜΟΥΛΟΣ ΒΡΕΤΤΟΣ, Dave Harris, CITCO, Vrettos Moulos
Meeting Summary
The meeting covered updates on various ongoing projects and working drafts, including progress on operational resilience and data, the creation of a new series for homomorphic encryption, and standards on cloud computing. There was also discussion on the importance of healthcare perspective on digital records and the possibility of collaborating with the healthcare group to get their input. The meeting also touched on the need for a formal liaison agreement between CSA and SC 42 and the possibility of requesting a liaison. Lastly, the group discussed recent AI regulations and standards in the US and EU, and announced that there will not be a July meeting due to John's holiday.
Highlights
- Dealing with operational resilience and data - 20996. It's a PWI.
Updates on the progress of dealing with operational resilience and data
- Fact | There was some resistance, but the next meeting is scheduled for mid-August and there is a good chance that the discussed document will be converted in the fall, as per the discussion from last night.
- Working Drafts and Meetings (3:46)
Updates on the working drafts and upcoming meetings
- Fact | The group had a meeting on June 8th, referred to as '27019', and ongoing activities related to working drafts are currently in progress.
- Fact | Willy from SGS has submitted an updated text for 27701 for FDIS, which is mentioned by Eric who hopes that the editors don't get too creative.
- New series for encryption
Discussion about the creation of a new series for encryption with four parts
- Fact | Instead of being a single part under an existing standard, a whole new series will be created to cover the topic of interest.
- Paper on Cloud Computing (2:30)
Updates on the progress of a paper on cloud computing, including feedback collection, editing, and deadlines for publication
- Action | Claude Baudoin mentioned that the paper needs a lot of work and help from experts like members of CSA who can provide wise comments and knowledge. He also mentioned that he will be discussing the progress of the paper in a meeting at OMG next week and that they aim to have it approved for publication at the September meeting in Chicago.
- Standards on Cloud Computing (5:30)
Updates on the progress of standards on cloud computing, including a completed paper on myths and realities, a standard on cloud management and security for financial institutions, and a working group on adaptive management of cloud computing
- Fact | Claude Baudoin mentioned that the paper, which has had several collaborators including from IBM and has been reviewed by six or seven co-authors, will hopefully be approved for publication by the Mars task force vote on Thursday a week from today and then shared widely.
- Action | Claude Baudoin invites participation in a group focused on automating processes to react to unexpected events that cause changes in cloud configuration, with the aim of improving recovery processes. To join, interested parties can email him for more details.
- Action | He mentioned that almost everyone will be remote and will provide a link in the chat for participants to join at the time of the meeting. They will also remind everyone of the date and time of the meeting in the same post.
- Action | Claude Baudoin will present progress to the Mars task force, which means middleware and related services, and inform them about the status of the cloud working group. Additionally, he will hold an information session for the cloud working group meeting on Wednesday, June 21, from 5 to 6 p.m. Eastern time, which will be remote since the meeting is physically in Orlando, Florida.
- Healthcare perspective on digital records (0:57)
Discussion on the importance of healthcare perspective on digital records and the possibility of collaborating with the healthcare group to get their input.
- Important | Dave Harris plans to look at who has contributed to the OMG domain vocabulary paper and add them to the working group to complete the paper, specifically focusing on healthcare vocabulary elements associated with records management.
- Formal liaison agreement between CSA and SC 42
Discussion on the need for a formal liaison agreement between CSA and SC 42 and the possibility of requesting a liaison.
- Action | John offers to email the convener to inquire about having a formal presence, to which Eric asks if they are requesting a liaison.
- Action | John suggests bringing up the list of people representing CSA on various working groups during the next meeting.
- CSA Update and Courses
The CSA is offering a new star lead auditor course and working on the multi-sector certification scheme using 27009, which will facilitate the NIST cybersecurity framework certification scheme.
- Concern | John expresses uncertainty about whether the issue discussed in 42 will have any impact on the SC27 projects, and mentions that it is an ad hoc group. Willy confirms that it is indeed an ad hoc group.
- Fact | John DiMaria mentioned that they are working on including the CCM into the NIST 2.0 cybersecurity framework, and they are currently involved in doing that along with the mappings, which is very exciting.
- Action | John mentioned that he will share a discount code for SECtember with the group and those who choose to take advantage of it can use it, while those who don't can pass it on to somebody else.
- AI Regulations and Standards
Discussion on the recent AI regulations and standards in the US and EU
- July Meeting
Discussion about the July meeting and John's vacation
- Fact | John DiMaria announced that there will not be a July meeting due to his holiday in the first two weeks of July, but the team is welcome to have it without him.
- Full recording can be found here: MeetGeek
------------------------------
JOHN DIMARIA
ME
CSA
[email protected]------------------------------