Download presentation
Presentation is loading. Please wait.
Published bySydney Richard Modified over 9 years ago
1
Requirements Development & Template Presentation to All Chairs 8/12/2014
2
Objectives Clarify the intent and purpose of Identity Ecosystem Framework Requirements Discuss potential approaches to requirements development Introduce and discuss the requirements catalog template
3
Agenda Overview Development Considerations Proposed Requirements Catalog Template Proposed Requirements Development Lifecycle Questions/Additional Items
4
Requirements Overview Requirements are a foundational component of the Identity Ecosystem Framework intended to: – define a baseline for participation in the Identity Ecosystem What is the baseline? Improving the security, privacy, usability, and interoperability of everyday online transactions What benefits could the everyday consumer see if this baseline was established? (e.g., reduced account compromise through increased use of multifactor authentication; greater user control through notice, consent requirements; etc.) – provide the foundation for the compliance/conformance program. I.E., to be part of the NSTIC inspired, IDESG defined ecosystem your organization must/should do A,B, and C with respect to security, privacy, interoperability, and usability These will be the basis for a future trustmark(s)
5
Requirements Overview The requirements are: – Discrete statements of activities, behaviors, and expectations for the various participants that are to be part of the identity ecosystem as envisioned in the NSTIC These requirements are not: – Business requirements – Software/technology/solution design requirements The IDESG is not building a specific identity solution or technology—but instead setting the general parameters, based on the Guiding Principles, in which solutions will operate May help shape and contribute to these other requirement types for future participants in the ecosystem
6
Requirements Overview: Goals for 2014 Develop requirements for all 4 guiding principles Establish an initial self-assessment and attestation compliance program – Assessment and attestation will be to applicable requirements
7
2014 Development Considerations Requirements should be ecosystem level requirements—not specific to sectors, communities, or technologies – Should not dictate specific solutions Should take into account the core operations of the functional model and the roles— specifically at the functional element layer – Some requirements may apply to more than one role, core operation, or function
8
Development Considerations: Criteria Should be relevant; should be tied to the four Guiding Principles, the NSTIC, and the establishment of the identity ecosystem Should be realistic; Potential participants should be capable of achieving conformance with these requirements without excessive technological or policy development time (i.e., quantum crypto should not be a requirement…) Should be balanced; taking into account the need to establish and maintain a marketplace while also preserving the NSTIC Guiding Principles Should be measurable; participants should be able to clearly state compliance through a binary or measurable response Should be technology agnostic; requirements should not specify or mandate a specific type of technology or solution and should be able to be met by multiple means (i.e., different technical solutions or combinations of tech and policy)
9
Development Considerations: Examples Ecosystem participants follow an adopted IDESG information security standard – Is it relevant to the identity ecosystem? Yes, all ecosystem participants should operate according to a strong, recognized set of information security principles, practices, and processes – Is it realistic? Yes, most organizations that handle customer or individual data already (or should) follow established information security standards or frameworks; implementing or using an IDESG adopted standard should not require an “excessive” shift in policy—though this will require IDESG to identify and adopt existing standards and frameworks in a timely manner – Is it balanced? Yes, the use of strong information security standards will only enhance the delivery of services and expansion of the market place – Is it measurable or binary? Yes, participants can clearly and easily state whether or not they follow an adopted standard – Is it technology agnostic? Most core information security standards do not specify solutions or technology types
10
Development Considerations: Examples Ecosystem participants provide and/or technically support the use of multi-factor authentication solutions. – Is it relevant to the identity ecosystem? Yes, all ecosystem participants should provide strong, multi-factor authentication options – Is it realistic? Yes, there are a significant number of existing multi- factor solutions in different forms and technologies; integration with these should not be excessive for ecosystem participants – Is it balanced? Yes, the need for strong, multi-factor authentication options is the primary driver behind the NSTIC and should only improve market growth and delivery of services – Is it measurable or binary? Yes, organizations can clearly and easily state whether or not they provide users access to multi-factor authentication options – Is it technology agnostic? Yes, no specific form or technology is included in the requirements
11
Development Considerations: Artifacts and Resources Many artifacts support requirements development: – The NSTIC; is the cornerstone of IDESG and essential guidance for requirements – Derived Requirements; a set of requirements statements derived from the NSTIC intended to stimulate requirements development – Existing standards, frameworks, and compliance programs; for example PCI-DSS, FICAM, ISO/IEC 27001 provide fertile ground for identification of potential ecosystem requirements – Pilot and operational experience; engage the pilots as participants in the development process
12
Development Considerations: Language and Structure Shall vs should, etc.: – Committee judgment matters: if it’s required, shall is likely appropriate. Use may or should appropriately If/then/else: – The fewer conditionals the better, but if needed, use them Hierarchical/sub-requirements: – This probably makes sense in some contexts, but this should be determined by the needs of the chairs. If committees need conditionals, use them.
13
Development Approach: Privacy Committee Privacy Committee has initiated requirements development Started with the Derived Requirements – Refined and updated to use as “guidance” – Creating more granular requirements based on the derived requirements and committee feedback; referring to these internally as “functional requirements” Incorporated several NSTIC pilots into the discussion to provide input Goal will be a set of requirements for incorporation into the identity ecosystem framework—the initial set may be updated, augmented, and added to as the framework matures Security committee is currently considering a similar approach for their own requirements development
14
Proposed Requirements Catalog Matrix Will be provided to the committees as a template that is intended to: – Capture requirements in a common format – Allow for consistent approaches, language, and structure Must think of these from the point of view of those who will need to consume these – Provides a uniformity and a foundation for the compliance program and ultimately trustmarks – Once IDESG requirements have been established they can then be compared to existing Trust Frameworks and Trust Framework Provider requirements; laying the foundation for streamlined self-assessment and future accreditation programs All information contained in the sample version of the matrix is for ILLUSTRATIVE PURPOSES ONLY
15
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix
16
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix The NSTIC Guiding Principle that most closely relates to the requirement; there may be more than one 1
17
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 2 A concise statement of the requirement (those contained in this document are for illustrative purposes only)
18
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 3 The core operations to which the requirement applies (may be one or many); will be hyperlinked to a separate page that lists the functions and definitions of each core operation (registration shown below)
19
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 4 Source of the requirement (if adapted from an existing document)
20
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 5 Candidate standards, protocols, or profiles that can be used to fulfill the stated requirement or referenced to illustrate conformance with the requirement; not all requirements will have existing standards (etc.) to reference
21
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix A specific control or additional detail from an existing standard, protocol, or specification that can be used to further illustrate conformance with the stated requirement 6
22
IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 78 The establishing committee, date the requirement was last modified, and the date the document was last approved 9
23
Proposed Requirements Lifecycle Provides a high level over view of a potential approach to creating, consolidating, approving, and refreshing Identity Ecosystem Framework Requirements
24
Proposed Requirements Lifecycle Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Met with Source of
25
Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 1 Committees produce requirements 1 Met with Source of
26
Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 2 TFTM consolidates committee requirements 2 Met with Source of
27
Proposed Requirements Lifecycle TFTM produces self assessment documentation (questionnaire, assessment criteria, etc.) and requirements catalog 3 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs 3 Met with Source of
28
Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 4 Requirements catalog, self-assessment documentation are approved through the plenary 4 Met with Source of
29
Proposed Requirements Lifecycle Requirements are periodically reviewed and updated as necessary by the committees; dependent documents are subsequently updated and approved. 5 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs 5 Met with Source of
30
Proposed Requirements Lifecycle Security committee develops functional model and standards committee manages standards adoption process A&BA&B Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs B A Met with Source of
31
Suggested Milestones Decision to progress with self-assessment and attestation compliance program – TFTM consensus decision 28 May 2014 Finalize and approve standards adoption policy – Standards committee; September 2014 Develop GP based requirements– Security, Standards, UX, Privacy – Security, privacy, UX, and standards committees; November 2014 Consolidate requirements – TFTM; November 2014 Finalize self assessment documentation – TFTM; December 2014 Plenary approval of requirements catalog – Plenary; January 2015 Plenary approval of self-assessment documentation – Plenary; January 2015
32
Questions/Discussion?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.