International Standardization Council

Minutes from the ISC Meeting May 18, 2023

  • 1.  Minutes from the ISC Meeting May 18, 2023

    Posted May 19, 2023 10:22:00 AM

    John DiMaria shared International Standards Council Monthly Meeting notes with you.

    Date: 18 May 2023, 09:00 CDT
    Attendees: John DiMaria, Michael Roza, Steve Woodward (Canada and Liaison SC7 for SC38), SUMMERS Rachelle, Claude Baudoin, Eric Hibbard (Samsung), Vrettos Moulos, David Harris


    Meeting Summary
     Claude Baudoin provided an update on two papers being worked on for the upcoming OMG meeting, discussing the myths surrounding cloud adoption. The meeting on myths about cloud computing was scheduled for June 21, and John DiMaria discussed upcoming events related to cloud computing, including free research artifacts and a new privacy guidance. Work group 2 faced challenges with encryption and decided to move the content to another document, while ISO 9001 is expected to be updated in 2025. Finally, the team discussed finalizing and approving the charter and requested suggestions or changes.

    Highlights

     OMG Meeting

    • Claude plans to send a preliminary draft on Monday followed by a more complete draft a few days later to complete a paper in time for an approval vote at the upcoming meeting. He believes that it's a courtesy to the people who will ultimately vote on it . The paper will talk about the myths surrounding cloud adoption, such as the belief that cost is always lower and that once you go to the cloud, you have nothing to do anymore.
    • Claude is reviewing contributions from multiple people and editing them into a paper about cloud myths and realities. He plans to add his own input as part of the editing process. However, he is facing a challenge as the final draft of the paper is due four weeks before the OMG meeting, which falls on the 22nd of this month and he hasn't reviewed the contributions for a while. It's already the 18th.

    Myths about Cloud Computing

    • The meeting will be held on In Orlando, Florida Wednesday, June 21 at 6 p.m. and Claude Baudoin will attend remotely.
    • Claude Baudoin will provide an update on the cloud working group's activities, including two papers, and will seek input on the group's roadmap for the rest of the year and next year during the meeting.

    Upcoming Meeting and Events

    • John DiMaria mentions that the research artifacts produced so far, including main topics addressed in healthcare, will be available for free download in 2023.
    • In addition to the short on the man trainings, there will be a star lead auditor course available soon, which is in the final stages of approval.
    • John informed us that there was a presentation at RSA about the progress of the IOT standard and also mentioned a new privacy guidance, which is coming out soon and will provide guidance similar to 27,001.

    AI and Standards

    • John DiMaria expresses uncertainty about  a standard is being addressed for AI, (ISO/IEC 23053:2022) and encourages everyone to read it if they haven't already.

    6. Meeting Highlights

    • During the meeting, almost everything in the document was thrown out except for some preserved materials from Singapore which were added as informative annexes. The scope and title were not understood initially, but they drive all of the content. The document is intended to help organizations, typically countries, set up schemes for consumers.

    Work group 2 encryption

    • In October, they will move the content they were working on in one document to another document and create a work group for crypto, which will be a series of amendments.
    • In October, they will move the content they were working on in one document to another document and create a work group for crypto.

    8. ISO Standards Update

    • John DiMaria mentioned that the ISO 9001 is up for update and expected to be released in 2025, which is important because it serves as a foundation and also includes the high level structure of every specification standard, potentially making it a game changer. This information was shared in the context of a discussion about a subject that was slightly changed, and Eric Hibbard agreed with it.

    NIST Data Classification

    • David Harris plans to set up a third meeting with the folks from NIST to discuss whether the issue is an NCOE issue or an actual NIST document, and to see if they agree with him. Eric Hibbard mentions that it's the NIST sponsoring the NCCOE or something. https://www.nccoe.nist.gov/data-classification

    Finalizing and approving the charter

    • The team needs to finalize and approve the charter as soon as possible, and any suggestions, changes, additions, or questions should be put in line. A link to the charter will be sent out again for any final comments, and it will be approved when the team reconvenes.
      International-Standardization-Council-WG-Charter word (1)
      Google Docs remove preview
      International-Standardization-Council-WG-Charter word (1)
      Charter 2022 International Standardization Council Working Group © 2022 Cloud Security Alliance - All Rights Reserved. Valid at time of printing. All rights reserved. You may download, store, display on your computer, view, print, and link to ...
      View this on Google Docs >

      The next meeting is scheduled for Thursday June 15, 2023





    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    [email protected]
    ------------------------------