Technical Guidelines Development Committee (TGDC)
Security and Transparency Subcommittee (STS) Teleconference *
August 14, 2007, 10:30 a.m.
Draft Minutes

Agenda

1) Administrative/Logistical Updates for upcoming 8/17 plenary (Allan)
2) Overview of the draft VVSG document and Companion Executive Summary (Wack)
3) Other Items

Attendees: Alicia Scott Morrison, Allan Eustis, Andrew Regensheid, Angela Orbaugh, Barbara Guttman, Helen Purcell, John Wack, Mat Masterson, Neil Erikson, Nelson Hastings, Philip Pearce, Quynh Dang, Rene Peralta, Rene Peralta, Sharon Laskowski, Wendy Havens

Administrative Updates (Allan Eustis):

  • This STS teleconference was opened up to the TGDC as a whole to do a high level review of the VVSG.
  • Friday's TGDC plenary meeting will begin at 11:25 a.m. ET. Dr. Jeffrey, Tricia Mason, Commissioner Davison and NIST staff will be participating from NIST, the rest of the TGDC will join by teleconference.
  • NIST will be doing a dry run on Thursday (8/16//07) at 3:00 p.m. Members are invited to call in at 4:00 p.m. to test the TRACE hand raising tool.
  • There have been 5 resolutions proposed for the meeting. Three to approve each subcommittee section of the report, one to approve the report as a whole for final editing, and one to recognize the importance of the innovation class and to emphasis that to the EAC. At this meeting, Helen Purcell proposed a sixth resolution to thank Dr. Jeffrey for his participation and leadership of the TGDC.

VVSG Review (John Wack):

John Wack gave a high level review of the VVSG (http://vote.nist.gov/VVSG-0807/).

Some points of interest:

  • The report used to be divided into 6 volumes - it has been changed and divided into parts.
  • There has been continued confusion over the glossary - the name has been changed to reflect that these are words with special meaning in the VVSG specifically.
  • The VVSG now contains a complete table of all the requirements at the beginning of the document.
  • The "Introduction" is a work in progress. It is an introduction to the document about what it contains, about what's changed since last iteration, about what the foundation is we're building on. We're hoping the report can accommodate change.
  • Figure 2-2 in the intro shows the importance of the requirement on IVVR for SI.
  • Part 1 of the document is devoted to requirements for devices. John explained the class structure in detail. This is also the section that covers SI and IVVR.
  • John suggested that reading Chapter 3 regarding the benchmarks would be helpful to committee members since Whitney Quesenbery will be discussing at plenary. Sharon L. pointed out that most requirements have already been discussed at previous meetings.
  • The remainder of the chapters in Part 1 were discussed in high level detail
  • Part 2 of the document is devoted to requirements for documentation, how the devices need to be documented.
  • Chapter 2 of part 2 are vendor requirements.
  • Part 3 is for testing requirements. It contains only testing related requirements - it doesn't contain requirements on how to test a system.
  • Chapter 5 contains the information on Open Ended Vulnerability Testing (OEVT).

Plans are to have an html version of the report on line as well as a searchable database version.

The current plan is to deliver the draft to the EAC around mid September.
EAC plans to have the document publicly reviewed in two phases. It will be posted after TGDC delivers to EAC for 120 day comment period. These comments will be reviewed and the document revised. EAC will then release their version of the report for another 120 day review period. EAC plans to take their time with the review process in order to deliver a valuable report.


Teleconferences from 2004, 2005, 2006 and upcoming in 2006.

*************

Link to NIST HAVA Page

Last updated: July 25, 2007
Point of Contact

Privacy policy / security notice / accessibility statement
Disclaimer / FOIA
NIST is an agency of the U.S. Commerce Department