In today's QSS WG meeting, the QSS Governance CCM supplement received a general comment: the original CCM Control Specification should be kept in the spreadsheet.
I have copied the CCMv4.0.10_Generated-at_2023-09-26.xlsx from the CCM archive to the QSS_CCMv4.0.10_Generated-at_2023-09-26.xlsx in our Google Drive folder, and put our QSS-relevant additions and revisions to the Implementation Guide column in the Implementation Guide sheet. Hope the entire working group can review and comment on the additions and revisions. We may need to put corresponding additions and revisions in the Audit Guide sheet.
------------------------------
John Jiang
------------------------------
Original Message:
Sent: Feb 28, 2024 11:02:34 AM
From: John Jiang
Subject: QSS Subgroup - Quantum Safe Security Governance will meet weekly on Fridays
Went through the PQS CCM spreadsheet one more time. Hopefully, we can decide on the list of relevant controls for the first time this Friday. Hope we can move on to supply other fields, e.g., guidelines. In 2-3 weeks, hope we can invite members of the WG to comment.
------------------------------
John Jiang
Original Message:
Sent: Feb 20, 2024 07:43:38 AM
From: John Jiang
Subject: QSS Subgroup - Quantum Safe Security Governance will meet weekly on Fridays
Got both issues resolved with CSA support
1. Key exchanges are covered by two controls
- CEK-3 at the protocol (and version) level and
- CEK-4 at the encryption algorithm level.
2. The updated Implementation Guidelines of CEK-04 in the draft does not have the error.
------------------------------
John Jiang
Original Message:
Sent: Feb 16, 2024 11:44:43 AM
From: John Jiang
Subject: QSS Subgroup - Quantum Safe Security Governance will meet weekly on Fridays
We had a great turnout in the sub-group's working meeting. Two issues popped up without conclusion and need ideas from the broader community. I filed 2 support requests with the CSA as well:
- Selecting security key exchange technologies is an important control for encryption in transit. But there seems to be no existing CCM control explicitly covering this. Should we invent a new control? Or is there an existing control implying this?
- Control ID CEK-04 is about the encryption algorithm. But its Implementation Guidelines in all versions of CCM we've checked are about key management. Are we wrong with this discovery?
------------------------------
John Jiang
Original Message:
Sent: Jan 30, 2024 08:10:44 AM
From: John Jiang
Subject: QSS Subgroup - Quantum Safe Security Governance will meet weekly on Fridays
In the 1/23/2023 meeting, we agreed to hold weekly working meetings of this subgroup. If you do not have the meeting invite, please contact me or Hillary.
John
------------------------------
John Jiang
------------------------------