Thanks for the meeting minutes. The recap is well-detailed, and provides some direction for the next meeting.
------------------------------
Shamun Mahmud CCSKv3
Membership Director
CSA Seattle Chapter
Bothell WA
[email protected]
------------------------------
Original Message:
Sent: Mar 24, 2023 10:46:51 AM
From: JOHN DIMARIA
Subject: Minutes from the ISC Meeting March 16, 2023
Attendees:
John DiMaria
Eric HIBBARD (IEEE)
Fabritius, Willy
Claude Baudoin
Jim Angle
Adriano Sverko
Rachelle Summers (US Rachelle Summers)
Michael Roza
Steve Woodward (Canada and Liaison SC7 for SC38)
1. Short summary of Micro Training Course: Cloud Standards content discussion...
2. Biggest issue is that we don't have a clear objective
(Makes Scope Creep a big concern)
3. Problem of choosing national versus international standards. Or, to say it another way, we have the challenge of integrating NIST (National) with ISO.
4. Things we probably need to cover that need to be added to the outline:
Cloud foundations (22123 series) - Dan also has included old ISO numbers in the Outline
BCM (22300, 22301, 27031)
Privacy (27701, 27018)
5. https://www.iso.org/committee/601355.html
MindMap of all the standards.
What is the value of the training since it is just one hour?
6. Some organizations will still use NIST-800-53 and FedRAMP even at international levels. Canadian and Australian governments for example (then falls over to private sector companies dealing with the governments). One challenge is easy access to ISO documents.... as Eric is aware.
- IoT update and discussion.
CTA provided an update and they are still moving forward. While following NIST is the initial thought, the ISO standard is under consideration. They would like to collaborate with CSA and announce that at RSA. They are giving a presentation on the project at the conference.
ISO foundational standards being considered for update due to the ISO/IEC 27001:2022 being released, possibly 27701 and 27018, separating security and privacy
The OMG meeting during the week of March 20 will include a one-hour information session on the work of the Cloud Working Group. It will take place on Wed., March 22, from 5 to 6 pm EDT, in person at the Hyatt Reston Town Center (Reston, VA) as well as online at
https://global.gotomeeting.com/join/629153901
Agenda: https://www.omg.org/events/2023Q1/agendas/CloudWGCalendar.html
There are two papers in progress in the OMG CWG:
- NIST CSF 2.0 update on current joint activities with NIST
CSA and NIST are working on a mapping to identify gaps in the CSF vs. cloud sector requirements. CSA participated in two recent workshops. The CCM is expected to be included in the NIST CSF 2.0. CSA is responding to the NIST RFI released to gather feedback on the CSF Concept Paper just released.
The next ISC Meeting is scheduled for Thursday, April 13th.
------------------------------
JOHN DIMARIA
ME
CSA
[email protected]
------------------------------