Technical Guidelines Development Committee (TGDC)
Security and Transparency Subcommittee (STS) Teleconference *
August 14, 2007, 10:30 a.m.
Draft Minutes
Agenda
1) Administrative/Logistical Updates for upcoming 8/17 plenary (Allan)
2) Overview of the draft VVSG document and Companion Executive Summary (Wack)
3) Other Items
Attendees:
Alicia Scott Morrison, Allan Eustis, Andrew Regensheid, Angela Orbaugh,
Barbara Guttman, Helen Purcell, John Wack, Mat Masterson, Neil Erikson,
Nelson Hastings, Philip Pearce, Quynh Dang, Rene Peralta,
Sharon Laskowski, Wendy Havens
Administrative Updates (Allan Eustis):
- This STS teleconference was opened up to the TGDC as a whole to do a high-level review of the VVSG.
- Friday's TGDC plenary meeting will begin at 11:25 a.m. ET. Dr. Jeffrey, Tricia Mason, Commissioner Davison and NIST staff will be participating from NIST; the rest of the TGDC will join by teleconference.
- NIST will be doing a dry run on Thursday (8/16/07) at 3:00 p.m. Members are invited to call in at 4:00 p.m. to test the TRACE hand raising tool.
- There have been 5 resolutions proposed for the meeting: three to approve each subcommittee section of the report, one to approve the report as a whole for final editing, and one to recognize the importance of the innovation class and to emphasize that to the EAC. At this meeting, Helen Purcell proposed a sixth resolution to thank Dr. Jeffrey for his participation and leadership of the TGDC.
- The report used to be divided into 6 volumes - it has been changed and divided into parts.
- There has been continued confusion over the glossary - the name has been changed to reflect that these are words with special meaning in the VVSG specifically.
- The VVSG now contains a complete table of all the requirements at the beginning of the document.
- The "Introduction" is a work in progress. It is an introduction to the document: what it contains, what has changed since the last iteration, and the foundation we're building on. We're hoping the report can accommodate change.
- Figure 2-2 in the intro shows the importance of the requirement on IVVR for SI.
- Part 1 of the document is devoted to requirements for devices. John explained the class structure in detail. This is also the section that covers SI and IVVR.
- John suggested that reading Chapter 3 regarding the benchmarks would be helpful to committee members since Whitney Quesenbery will be discussing them at plenary. Sharon L. pointed out that most requirements have already been discussed at previous meetings.
- The remainder of the chapters in Part 1 were discussed in high-level detail.
- Part 2 of the document is devoted to requirements for documentation, that is, how the devices need to be documented.
- Chapter 2 of Part 2 covers vendor requirements.
- Part 3 is for testing requirements. It contains only testing-related requirements - it doesn't contain requirements on how to test a system.
- Chapter 5 contains the information on Open Ended Vulnerability Testing (OEVT).
Plans are to have an HTML version of the report online as well as a searchable database version.
The current plan is to deliver the draft to the EAC around mid-September.
EAC plans to have the document publicly reviewed in two phases. It will be posted for a 120-day comment period after TGDC delivers it to EAC. These comments will be reviewed and the document revised. EAC will then release their version of the report for another 120-day review period. EAC plans to take their time with the review process in order to deliver a valuable report.