Tony,
For the RFP, see attached below.
For the RFC:
DEPARTMENT OF HOMELAND
SECURITY
[Docket No. DHS–2015–0017]
Notice of Request for Public Comment
Regarding Information Sharing and
Analysis Organizations
AGENCY: Office of Cybersecurity and
Communications, National Protection
and Programs Directorate, Department
of Homeland Security.
ACTION: Request for Public Comment.
SUMMARY: This Notice announces a
public comment period to allow input
from the public on the formation of
Information Sharing and Analysis
Organizations (ISAOs) for cybersecurity
information sharing, as directed by
Executive Order 13691. DHS is
soliciting public comments and
questions from all citizens and
organizations related to the provisions
of E.O. 13691 ‘‘Promoting Private Sector
Cybersecurity Information Sharing’’ of
February 13, 2015. The purpose of this
request for comment is to gather public
input and considerations related to
DHS’ public engagements and
implementation of E.O. 13691 including
the selection of a ‘‘standards
organizations’’ and approved activities
of the selected standards organization.
DATES: The comment period will be
held until July 10, 2015. See
SUPPLEMENTARY INFORMATION section for
the address to submit written or
electronic comments.
Specific Comments Sought
Individuals and organizations
providing comment to this DHS request
are requested to address the following
questions during this open comment
period. However, all comments related
to E.O. 13691 will be accepted. As such,
submitted comments are not required to
address the following five questions to
receive due consideration by the
Government. At the conclusion of this
comment period a DHS will compile
and address these comments to the
extent practicable in a document which
will be made broadly available and may
result in further dialog via this forum or
other means.
1. Describe the overarching goal and
value proposition of Information
Sharing and Analysis Organizations
(ISAOs) for your organization.
2. Identify and describe any
information protection policies that
should be implemented by ISAOs to
ensure that they maintain the trust of
participating organizations.
3. Describe any capabilities that
should be demonstrated by ISAOs,
including capabilities related to
receiving, analyzing, storing, and
sharing information.
4. Describe any potential attributes of
ISAOs that will constrain their
capability to best serve the information
sharing requirements of member
organizations.
5. Identify and comment on proven
methods and models that can be
emulated to assist in promoting
formation of ISAOs and how the ISAO
‘‘standards’’ body called for by E.O.
13691 can leverage such methods and
models in developing its guidance.
6. How can the U.S. government best
foster and encourage the organic
development of ISAOs, and what should
the U.S. government avoid when
interacting with or supporting ISAOs?
7. Identify potential conflicts with
existing laws, authorities that may
inhibit organizations from participating
in ISAOS and describe potential
remedies to these conflicts.
8. Please identify other potential
challenges and issues that you believe
may affect the development and
maturation of effective ISAOs.
 | |
1 attachmentRegards,
Pete
Tony Rutkowski ---06/02/2015 02:56:48 PM---Hi Peter, Do you have a pointer to the RFP/RFCs?From: Tony Rutkowski <tony@yaanatech.com>
To: Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <chet.ensign@oasis-open.org>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 06/02/2015 02:56 PM
Subject: Re: [cti] OASIS CTI - Need to recruit
Sent by: <cti@lists.oasis-open.org>
Hi Peter,
Do you have a pointer to the RFP/RFCs?
There is a real global need here, and it is
quite immediate without any good existing
alternatives. Already in some venues like
ITU-T, other some national administrations
are pushing for that body to provide a similar
function. Registry functions are inherently
in scope for the supporting standards body
secretariat, e.g., IANA for IETF among many
others.
--tony
On 2015-06-02 08:49 PM, Peter Allor wrote:
I am not in favor of an ISAO registry as part of this effort and see that as out of scope.
I say that from an ISAC and SCC perspective as I have watched Administrations change this and look to go around current efforts that they encouraged (PDD-63, HSPD-7, PPD-21).
Further there is an RFP and an RFC out on these issues and they pint to other processes/efforts.
Peter
Sent from my iPhone
> On Jun 2, 2015, at 14:35, Tony Rutkowski <tony@yaanatech.com> wrote:
>
> Hi Chet,
>
> It is fairly common for standards body
> secretariats to be tasked with registry
> functions. I don't know how many such
> registries the OASIS secretariat has
> established over the years. Minimally
> there is the persistent XML schema registry.
>
> There is a rather fundamental need to establish
> in conjunction with the CTI work, a ISOA
> registry as a means for STIX user communities
> to engage in discovery and self-organization.
> The Executive Order certainly encourages if not
> requires such activity. Given the considerable
> diversity of ISOAs globally, instantiating that
> function in the OASIS secretariat seems like a
> good way forward. CTI could find other alternatives,
> but the obvious and easiest solution is the one
> closest to home so to speak.
>
> --tony
>
>
>> On 2015-06-02 06:51 PM, Chet Ensign wrote:
>> Tony, that is an interesting observation. I'm not sure that a TC can
>> task OASIS with doing this but the TC itself could certainly become
>> the home for such a registry. I see the value of it...
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
