Re: [cti] F2F Update & Call for agenda topics

["Barnum, Sean D." <sbarnum@mitre.org>]

While I agree with Tony that the topic is very important I would also agree with Bret here that this may best be done on one of our calls rather than f2f.

Our f2f time will be very precious.

sean

From: <cti@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Monday, January 4, 2016 at 1:28 PM
To: Jamie Clark <jamie.clark@oasis-open.org>
Cc: "tony@yaanatech.com" <tony@yaanatech.com>, Mark Davidson <mdavidson@soltra.com>, "Richard.Struse@dhs.gov" <richard.struse@dhs.gov>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] F2F Update & Call for agenda topics

Personally, I think this sort of discussion or presentation would be best done via one of our normal monthly calls.  I would not want to use expensive F2F time for something that can easily be done via a phone call.  IMHO, F2F time should be reserved for things that are painful to do remotely, over the phone, or over email.  

Thanks,

Bret

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jan 4, 2016, at 10:49, Jamie Clark <jamie.clark@oasis-open.org> wrote:

    Thanks from us for this also, Tony.    The legislation does indeed provide a whole bunch of new issues for info sharing -- but on the technical side, it certainly does look like a paved sidewalk to STIX/TAXII. 

    For what it's worth, it sounds like a great idea to use a manageable part of your F2F time to talk about how the TC wants to describe its work as fitting into this US mandate -- and how to do so without losing its potential character as a global voluntary toolset as well. 

    Obviously, having posted your slideset to the TC list, it's public via our archives now.   It's good stuff, so we may share it with a few other folks for general information, with the obvious warning that it's a company's view, not necessarily representing the TC's work or viewpoint. 

    Happy new year -- cordially, Jamie

   
James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society
https://www.oasis-open.org/staff
www.twitter.com/JamieXML
http://www.slideshare.net/jamiexml
Recent:  http://j.mp/globalcyber (OASIS-World Bank cybersec conference)
Recent:  http://www.iso.org/iso/catalogue_detail.htm?csnumber=66370 (UBL approved by ISO/IEC)

On Fri, Jan 1, 2016 at 6:26 AM, Tony Rutkowski <tony@yaanatech.com> wrote:

Hi Mark,

Happy New Year.

Two weeks ago, a rather significant and fast
moving "baby" was left at our collective doorstep
in the form of the Cybersecurity Act of 2015.
It is arguably the most significant cybersecurity
statutory enactment for the U.S. with implications
far beyond its shores.  It has major deliverables
required in fast order early this year.  It also is tightly
bound to the work for this Technical Committee.
It seems appropriate to add this subject to the
F2F agenda - based on the attached slide material.

What has been provide here is a "deconstruction"
of the Act to identify the requirements model,
architecture, interfaces, and expressions required
by the Act.  It is worth noting that the information
exchange model here has a tight binding to OASIS
generally, and the architectures are common to
others established by many other government
established compliance obligations creating
information sharing interfaces.

The slides provide model basics, the embedded
architecture and interfaces, the exchange expressions,
timeline, and some "starter" questions and options.
A number of additional slides are attached that
provide reference information underlying those
questions and options.

best,
tony