International Standardization Council

• IoT update and discussion.

CTA provided an update and they are still moving forward. While following NIST is the initial thought, the ISO standard is under consideration. They would like to collaborate with CSA and announce that at RSA. They are giving a presentation on the project at the conference.

• SC27 update

ISO foundational standards being considered for update due to the ISO/IEC 27001:2022 being released, possibly 27701 and 27018, separating security and privacy

• Update from OMG

The OMG meeting during the week of March 20 will include a one-hour information session on the work of the Cloud Working Group. It will take place on Wed., March 22, from 5 to 6 pm EDT, in person at the Hyatt Reston Town Center (Reston, VA) as well as online at

https://global.gotomeeting.com/join/629153901

Agenda: https://www.omg.org/events/2023Q1/agendas/CloudWGCalendar.html

There are two papers in progress in the OMG CWG:

• One on cloud data governance, with a focus on regulatory/trade compliance of the way information is stored and exchanged in the cloud. This is led by Dave Harris ([email protected]). Contact him to participate.
• One on "Myths and Realities of Cloud Computing," which Claude Baudoin is leading. You can preview the scope, outline, and some initial content at https://docs.google.com/document/d/1zk1HCJL-dAQwv16fNNQL4enRhVn4M8vVJ-yvKgHayjQ/edit?usp=sharing. We aim to have an initial draft by 4/30 and a final draft by 5/22. Anyone wishing to contribute should contact [email protected].

• NIST CSF 2.0 update on current joint activities with NIST

CSA and NIST are working on a mapping to identify gaps in the CSF VS cloud sector requirements. CSA participated to two recent workshops. The CCM is expected to be included in the NIST CSF 2.0. CSA is responding to the NIST RFI released to gather feedback on the CSF Concept Paper just released.

Next, ISC Meeting is scheduled for Thursday April 13th