OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] F2F Update & Call for agenda topics

Hi Jamie,

It appears as if there is some significant
divergence on what is suitable for
treatment at a F2F.   Others want to
treat the subject on a telephone call.

I had originally suggested this subject
as a BOF, and others suggested it be on
the F2F agenda.  It is difficult to imagine
a F2F topic less important and time critical
than the Act's implementation and how
the CTI work fits into it.  It really doesn't
lend to telephone call treatment. 

Perhaps breakout sessions are the best
course of action here.


On 2016-01-04 12:49 PM, Jamie Clark wrote:
    Thanks from us for this also, Tony.    The legislation does indeed provide a whole bunch of new issues for info sharing -- but on the technical side, it certainly does look like a paved sidewalk to STIX/TAXII. 
    For what it's worth, it sounds like a great idea to use a manageable part of your F2F time to talk about how the TC wants to describe its work as fitting into this US mandate -- and how to do so without losing its potential character as a global voluntary toolset as well. 
    Obviously, having posted your slideset to the TC list, it's public via our archives now.   It's good stuff, so we may share it with a few other folks for general information, with the obvious warning that it's a company's view, not necessarily representing the TC's work or viewpoint. 
    Happy new year -- cordially, Jamie

James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society
Recent:  http://j.mp/globalcyber (OASIS-World Bank cybersec conference)
Recent:  http://www.iso.org/iso/catalogue_detail.htm?csnumber=66370 (UBL approved by ISO/IEC)

On Fri, Jan 1, 2016 at 6:26 AM, Tony Rutkowski <tony@yaanatech.com> wrote:
Hi Mark,

Happy New Year.

Two weeks ago, a rather significant and fast
moving "baby" was left at our collective doorstep
in the form of the Cybersecurity Act of 2015.
It is arguably the most significant cybersecurity
statutory enactment for the U.S. with implications
far beyond its shores.  It has major deliverables
required in fast order early this year.  It also is tightly
bound to the work for this Technical Committee.
It seems appropriate to add this subject to the
F2F agenda - based on the attached slide material.

What has been provide here is a "deconstruction"
of the Act to identify the requirements model,
architecture, interfaces, and expressions required
by the Act.  It is worth noting that the information
exchange model here has a tight binding to OASIS
generally, and the architectures are common to
others established by many other government
established compliance obligations creating
information sharing interfaces.

The slides provide model basics, the embedded
architecture and interfaces, the exchange expressions,
timeline, and some "starter" questions and options.
A number of additional slides are attached that
provide reference information underlying those
questions and options.




Anthony Michael Rutkowski

EVP, Industry Standards & Regulatory Affairs


+1 703 999 8270


Yaana Technologies LLC

542 Gibraltar Drive

Milpitas CA 95035 USA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]