Dear CSAF TC:Â Attached please find a draft explanatory report, in
preparation for submission directly to ISO/IEC JTC 1, which we would like to send
ahead in draft form to its cybersecurity panel SC 27 now, as previously discussed, to give them
the advance look we discussed and facilitate their feedback and acceptance during the voting phase.Â
Note that once we launch an official PAS ballot, it goes to the full JTC 1 committee, not their cybersecurity experts in SC 27, which cuts off some opportunity to consider any nits or further comments for that round of approval. Â As you know, we would not in any case accept substantive technical changes, as the work is already approved;Â but would certainly take
comments on board, consider fixing any nits, and ask you to consider committing to reviewing substantive suggestions in future rounds.
We're not the first group to run proposed cybersecurity PAS standards first
briefly past SC27, so this is a tested consultation path.
If no one on the TC has issues or improvements to this attached draft, which we believe is complete, we will plan to send it to SC 27 on or about the 31st of July, so as to be
able to ask them to react within one month, and then send the final PAS vote request no later than the first week of September.Â
All suggestions welcomed; please direct to Chet and myself. Regards JBC