[Servercert-wg] NetSec update for 2020-03-19

Neil Dunbar ndunbar at trustcorsystems.com
Thu Mar 19 08:58:38 MST 2020


All,

Apologies for missing my slot to update members on the progress of the 
NetSec subcommittee.

The updates for the team are as follows:

---

Ballot SC29 [configuration change] - originally scheduled to begin voting 
Monday 16th, but at the request of Dimitris this was delayed for 1 week, 
since some CAs might be having their attention drawn away from the 
ballot by coronavirus planning. Voting will commence on Monday 23rd March.

Ballot SC28 - was due for discussion, but the authors wanted to redo the 
sections on auditable events so as to split out key events vs 
certificate events; this has delayed submission of the ballot, but after 
discussion later today, we hope to be able to submit the ballot. The 
text is pretty much done - we just need to gain consensus that we're all 
happy with it.

Ballot on system account deactivation - still in progress; the initial 
language was a little ambiguous and could lead to the wrong reading. 
Still working on it, towards a focus less on account deactivation and 
more towards disabling of access to systems if that access can no longer 
be demonstrated to be necessary. Also still need to complete a 
risk-benefit section in the discussion document. One more round of 
discussion and we should be able to submit.

Ballot on updating the whole 'secure zone' term, so as to better define 
the physical and security properties required; to better cope with cloud 
and hybrid cloud environments and also so we can get a better mapping 
between identified risks and protective measures in the logical security 
descriptions. Work ongoing - probably a couple of rounds of discussion 
before this one is ready.

Document restructuring continues, replacing the numbering/lettering of 
sections with descriptive abbreviations, so that the naming of 
requirements better maps to the subject matter they seek to address. This 
will also mean some re-ordering of the sections so that logically 
similar requirements are grouped together, and redundancy is removed.

---

Do please follow up with me with any questions that you might have.

Regards,

Neil


