Subject: RE: [dcml-frame] FW: Groups - oasis - Ballot "DCML: Process Subgroup Objectives" has closed
Persons outside our group are on BCC. If the blind copy is not working, please can I be notified immediately.
Standards TC has a great synergy with the current news. Computerworld news mail is quoted below. (If you join, I do not allow cookies and popups. Site is advertising heavy.)
The articles about OASIS and MASS enterprise government standards came from here. I posted them to the group about one month ago. The articles included Microsoft attempts to become the Open Source standard, and that no one bought it, recognizing OASIS as the one and only leader for this space.
I've been suggesting we align with ISO/IEC 15026 and review the frameworks established at the Common Criteria Portal.
The overarching reason for an ontology of correctly applied standards is also the main focus of work by CSRC and NIST
http://csrc.nist.gov/publications/nistbul/b-11-05.pdf and subject of a lot of work for ISSA, ISACA and IEC collaboration, as well as OGC, ISO alignment.
SAML team has members for the 2.0 release show IEC members who applied current government RFC to their work. We ought to consider their involvement.
ISACA is evolving their mapping very heavily with ISO and ITIL. I am going to copy Ron Hale and Tom Lamm because they are more aware of the evolution of Liaison work between groups than any other persons I can imagine. I repost this link. If Zeula, Darrel, Fred are not ISACA members, I urge you to become members. The cost is far outweighed by the benefit.
I also urge alliance to NIST language in our group. Dr. Ron Ross published this in October 2005. We are looking at a country just beginning to realize the impacts of FISMA and other US Laws around technology. Regulation of federal records and FOIA are small potatoes compared to computer abuse and fraud ACT, the evolving data notification rulings modeled after California SB notification laws.
I thought the activities of Common Criteria Project were aligned to this mission, although they currently focus to software that supports security programs and not the correct application of best class standards per any industry.
Here's that article.
Directly quoted without any authority to reproduce, here is text of article and link is in text.
OMG pushes standards for verifying software security
Framework would be an aid to vendors, government buyers
"News Story by Jaikumar Vijayan
DECEMBER 16, 2005
The task force, which is composed of representatives from private-sector companies and government agencies, is part of a broader effort to ensure that software products used by the government meet consistent and defined security standards.
"What the OMG is hoping to achieve in putting together these standards is to have a formal way of measuring if software is trustworthy," said Djenana Campara, co-chairman of the Architecture-Driven Modernization Task Force within the OMG.
The standards will give vendors and software purchasers a consistent way to evaluate a system's design robustness, reliability, process integrity and configuration controls, said Campara, who is also CTO of Klocwork Inc., a Burlington, Mass.-based vendor of vulnerability analysis software.
Such a framework is crucial to allowing software suppliers and buyers to represent their claims and requirements along with a way to verify them, said Joe Jarzombek, director of software assurance at the National Cyber Security Division of the U.S. Department of Homeland Security.
"When vendors make claims about the safety, security and dependability of products, what is the standard by which they are making those claims and what are the minimum levels of evidence" that are needed? he asked. "The reason to have a standard is it tells you, Here's how you can make a claim, here are the attributes we are looking for, and here are the things you need to include when making a claim," he said.
Having a process for enabling security verification is becoming important because of the increasing complexity of software systems, their growing interconnectedness and the globalization of software developers, Campara said.
Government systems that are used for national security purposes already need to go through a Common Criteria Certification process to determine whether they meet security requirements. OMG's framework -- which still has to go through a long approval process -- will give another option to agencies that are not mandated to use the Common Criteria process, Jarzombek said.
In addition, a systems and software assurance standard that's being finalized by the International Standards Organization (ISO/IEC 15026) will also give government agencies a standard they can use for assessing software security sometime next year, he said. The ISO standard is focused on the management of risk and assurance of safety, security and dependability of systems and software, he added."
From: Thomas, Darrel [mailto:firstname.lastname@example.org]
Sent: Friday, December 16, 2005 4:14 PM
To: email@example.com; firstname.lastname@example.org
Subject: [dcml-frame] FW: Groups - oasis - Ballot "DCML: Process Subgroup Objectives" has closed
The results from the process subgroup ballot are in, and
On Zulah’s point about defining
processes and services, I
On Fred’s point, I believe my
attempt at a clarification in the first point clears up the thoughts around
process and service work. Understanding the interfaces from the best
practice mappings is EXACTLY what we want to do, rather than creating them with
a narrow view from the Member Section. The idea is to use our reach to
industry organizations, members, analytics, and so forth to gather this
information for the identification, mapping, and codification by the Interfaces
This should help, I believe…
J. Darrel Thomas
Chief Technologist, Datacenter Services Portfolio
Electronic Data Systems Corporation
Mail Stop H3-5A-34
"Of all the things I
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
OASIS DCML Framework TC member,
A ballot presented to OASIS DCML Framework TC has closed.
The text of this closed ballot is as follows:
"DCML: Process Subgroup Objectives"
Please provide your approval for the following:
The Process subgroup is tasked with defining the standard processes, interdependencies, and requirements for the Interfaces/Implementation Subgroup to use to create DCML standard implementations and reference models. This includes the definition of inputs and outputs, best practice workflows and process flows, and inter-process dependencies from one targeted process framework to another. The initial work of the Process Subgroup will center around the interactions and interdependencies of the Configuration Management Process, its workflows, and orchestration of domain-based management within the IT Services lifecycle. The output of this work effort will be the specifications, requirements, process diagrams, and process flows used by the Interfaces group to codify the standard interfaces of the CfM Process and its interactions, inputs and outputs, as well as reference implementation of a multi-layered CfM process within a working model.
Future prospective processes to be defined and mapped include:
The Processes of the ITIL Process Framework (Change, Release, Incident, Problem, etc.)
Outputs from the mapping and modeling work by the Process subgroup will include:
- Process diagrams and models outlining each process to be implemented by the Implementation/Interfaces subgroup
- Use cases to accompany process models and diagrams, as well as prescriptive relevance to industry usage
- Specifications on interrelationships for a process to other processes
- Other interfaces and dependencies on non-process oriented artifacts, if any, to accompany process outputs
- Detailed description and definition of process to be mapped/modeled
- Detailed project plan with milestones and dates
- User Guides and Documentation
Quick Summary of Voting Results:
- Yes received 4 Votes
- No received 2 Votes
- Abstain received 0 Votes
6 of 8 eligible voters cast their vote before the deadline.
Voting results for all closed ballots are available on the dcml-frame eVote Archive at:
OASIS Open Administration