Subject: RE: [dcml-frame] FW: Groups - oasis - Ballot "DCML: Process Subgroup Objectives" has closed
Persons outside our group are on BCC. If the
blind copy is not working, please can I be notified
immediately.
Standards TC has a great synergy with the
current news Computerworld news mail is quoted below. (if you
join, I do not allow cookies and popups. Site is advertising
heavy.)
The articles about OASIS and MASS enterprise government
standards came from here. I posted them to the group about one month
ago. The articles included Microsoft attempts to become the Open Source
standard, and that no one bought it, recognizing OASIS as the one and only
leader for this space.
I've been suggesting we align with
ISO/IEC 15026 and review the frameworks established at the Common Criteria
Portal.
The overarching reason for an ontology of correctly
applied standards is also the main focus of work by CSRC and
NIST
http://csrc.nist.gov/publications/nistbul/b-11-05.pdf and
subject of a lot of work for ISSA, ISACA and IEC collaboration, as well as OGC,
ISO alignment.
SAML team has members for the 2.0 release show IEC
members who applied current government RFC to their work. We ought to
consider their involvement.
ISACA is evolving their mapping very heavily with ISO
and ITIL. I am going to copy Ron Hale and Tom Lamm because they are more
aware of the evolution of Liaison work between groups than any other persons I
can imagine. I repost this link. If Zeula, Darrel, Fred are not
ISACA members, I urge you to become members. The cost is far outweighed by
the benefit.
I also urge alliance to NIST language in our
group. Dr. Ron Ross published this in October 2005. We are looking
at a country just beginning to realize the impacts of FISMA and other US Laws
around technology. Regulation of federal records and FOIA are small
potatoes compared to computer abuse and fraud ACT, the evolving data
notification rulings modeled after California SB notification
laws.
I thought the activities of Common Criteria Project
were aligned to this mission, although they currently focus to software that
supports security programs and not the correct application of best class
standards per any industry.
Here's that article.
rb
Directly quoted without any authority to reproduce,
here is text of article and link is in text.
OMG pushes standards for verifying software security
Framework would be an aid to vendors, government buyers

"News Story by Jaikumar Vijayan

DECEMBER 16, 2005

The task force, which is composed of representatives from private-sector companies and government agencies, is part of a broader effort to ensure that software products used by the government meet consistent and defined security standards.

"What the OMG is hoping to achieve in putting together these standards is to have a formal way of measuring if software is trustworthy," said Djenana Campara, co-chairman of the Architecture-Driven Modernization Task Force within the OMG.

The standards will give vendors and software purchasers a consistent way to evaluate a system's design robustness, reliability, process integrity and configuration controls, said Campara, who is also CTO of Klocwork Inc., a Burlington, Mass.-based vendor of vulnerability analysis software.

Such a framework is crucial to allowing software suppliers and buyers to represent their claims and requirements along with a way to verify them, said Joe Jarzombek, director of software assurance at the National Cyber Security Division of the U.S. Department of Homeland Security.

"When vendors make claims about the safety, security and dependability of products, what is the standard by which they are making those claims and what are the minimum levels of evidence" that are needed? he asked. "The reason to have a standard is it tells you, Here's how you can make a claim, here are the attributes we are looking for, and here are the things you need to include when making a claim," he said.

Having a process for enabling security verification is becoming important because of the increasing complexity of software systems, their growing interconnectedness and the globalization of software developers, Campara said.

Government systems that are used for national security purposes already need to go through a Common Criteria Certification process to determine whether they meet security requirements.

OMG's framework -- which still has to go through a long approval process -- will give another option to agencies that are not mandated to use the Common Criteria process, Jarzombek said.

In addition, a systems and software assurance standard that's being finalized by the International Standards Organization (ISO/IEC 15026) will also give government agencies a standard they can use for assessing software security sometime next year, he said. The ISO standard is focused on the management of risk and assurance of safety, security and dependability of systems and software, he added."

From: Thomas, Darrel [mailto:darrel.thomas@eds.com]
Sent: Friday, December 16, 2005 4:14 PM
To: dcml-frame@lists.oasis-open.org; dcml-appserv@lists.oasis-open.org
Subject: [dcml-frame] FW: Groups - oasis - Ballot "DCML: Process Subgroup Objectives" has closed

Hello All,

The results from the process subgroup ballot are in, and
we

· On Zulah’s point about defining processes and services, I

· On Fred’s point, I believe my attempt at a clarification in the first point clears up the thoughts around process and service work. Understanding the interfaces from the best practice mappings is EXACTLY what we want to do, rather than creating them with a narrow view from the Member Section. The idea is to use our reach to industry organizations, members, analytics, and so forth to gather this information for the identification, mapping, and codification by the Interfaces Subgroup. We

This should help, I believe…

Regards,
jDT

J. Darrel Thomas
Distinguished SE
Chief Technologist, Datacenter Services Portfolio
Electronic Data Systems Corporation
Mail Stop H3-5A-34
972-797-9695 (Office)
972-679-5943 (Cell)
Darrel.Thomas@EDS.Com (Email)

"Of all the things I

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

-----Original Message-----

OASIS DCML Framework TC
member,

A ballot presented to OASIS DCML Framework TC has closed. The text of this closed ballot is as follows:

---
"DCML: Process Subgroup Objectives"

Please provide your approval for the following:

The Process subgroup is tasked with defining the standard processes, interdependencies, and requirements for the Interfaces/Implementation Subgroup to use to create DCML standard implementations and reference models. This includes the definition of inputs and outputs, best practice workflows and process flows, and inter-process dependencies from one targeted process framework to another. The initial work of the Process Subgroup will center around the interactions and interdependencies of the Configuration Management Process, its workflows, and orchestration of domain-based management within the IT Services lifecycle. The output of this work effort will be the specifications, requirements, process diagrams, and process flows used by the Interfaces group to codify the standard interfaces of the CfM Process and its interactions, inputs and outputs, as well as reference implementation of a multi-layered CfM process within a working model.

Future prospective processes to be defined and mapped include:
- The Processes of the ITIL Process Framework (Change, Release, Incident, Problem, etc.)
- Service-Oriented Processes
- Business Processes

Outputs from the mapping and modeling work by the Process subgroup will include:
- Process diagrams and models outlining each process to be implemented by the Implementation/Interfaces subgroup
- Use cases to accompany process models and diagrams, as well as prescriptive relevance to industry usage
- Specifications on interrelationships for a process to other processes
- Other interfaces and dependencies on non-process oriented artifacts, if any, to accompany process outputs
- Detailed description and definition of process to be mapped/modeled
- Detailed project plan with milestones and dates
- User Guides and Documentation

- Yes
- No
- Abstain
---

Quick Summary of Voting Results:
- Yes received 4 Votes
- No received 2 Votes
- Abstain received 0 Votes

6 of 8 eligible voters cast their vote before the deadline.

Voting results for all closed ballots are available on the dcml-frame eVote Archive at:
http://www.oasis-open.org/apps/org/workgroup/dcml-frame/ballot_archive.php

Thank you,
OASIS Open Administration