[Global_education_committee] Fwd: [Committees-chairs] Fwd: ICT SCRM Ad Hoc: ISO/IEC 27034-2 DoD Comments Review

Martin Knobloch martin.knobloch at owasp.org
Mon Mar 26 07:45:59 UTC 2012


FYI

---------- Forwarded message ----------
From: Thomas Brennan <tomb at owasp.org>
Date: Sun, Mar 25, 2012 at 7:57 PM
Subject: [Committees-chairs] Fwd: ICT SCRM Ad Hoc: ISO/IEC 27034-2 DoD
Comments Review
To: Michael Coates <michael.coates at owasp.org>, Dave Wichers <
dave.wichers at owasp.org>, Seba <seba at owasp.org>, Eoin <eoin.keary at owasp.org>,
Owasp Committ Chairs <committees-chairs at lists.owasp.org>


Feel free to comment directly on this ASAP and pass to your committees to:
shankles_stephanie at bah.com


Begin forwarded message:

*From:* "Bartol, Nadya [USA]" <bartol_nadya at bah.com>
*Date:* March 25, 2012 12:26:02 PM EDT
*Subject:* *ICT SCRM Ad Hoc:  ISO/IEC 27034-2 DoD Comments Review*

Dear All,

I am happy to report that ICT SCRM Ad Hoc comments and voting
recommendations on ISO/IEC 27036 parts 1, 2, and 3 were approved as US
positions at last week’s CS1 meetings.

I am reaching out to the ICT SCRM Ad Hoc because another item was
identified during the CS1 meeting last week that may be of interest to some
in this group. Attached to this e-mail is ISO/IEC 27034-2, Information
technology -- Security techniques -- Application security -- Part 2:
Organization normative framework with the DoD comments on the standard.
Due to procedural reasons, the only way to get these comments into SC27 is
to attach them to the WG4 delegates instructions to be used by the US
delegation at the SC27 WG4 meeting when the document comes up.

To make that happen, the CS1 Chair, Dan Benigni, will need to run an
accelerated ballot on the contribution. I am reaching out to you to get
your informal feedback on the comments. Because of the time pressures it
is very difficult to schedule a formal ICT SCRM Ad Hoc meeting and we would
like to run this review via e-mail.

ISO/IEC 27034-2 has a somewhat complex history where the editors have
consistently been rather late with issuing the drafts, leaving practically
no time for the national bodies to review them. The draft that is
attached to this e-mail was no exception when it was issued last time
before the October 2011 meetings. As a result, CS1 submitted very few
high-level comments. Many national bodies were not too happy about the
inadequate review timeframe and a host of other issues. In October
2011 the ISO/IEC 27034-2 document was frozen and no contributions were
solicited in advance of the May 2012 meeting.

The DoD set of comments attached to this e-mail was created to provide
specific guidance to the editors for how to remediate many structural and
content issues. These comments, for example, address the editors repeating
content that has been standardized in other bodies and can be referenced
rather than included, such as project management. DoD had many more
comments; the ones that were ultimately chosen to be included here are
those that are most critical to get the document on track. Many of these
comments point at structural problems and provide high-level solutions to
those problems but do not necessarily provide specific text. The document
is in such a poor state that it needs to first be restructured and then
revised. A number of the attached comments state that if they are approved
in principle, text will be provided by the next meeting, which is a
well-proven technique that CS1 has used successfully multiple times in the
past.

To make the timing work, we can only provide no more than 10 days for your
review. Please send your comments by April 4 to Stephanie Shankles at
shankles_stephanie at bah.com. (please DO NOT send them to me as I will be on
a cruise and will not get them until April 9 when I get back).

Thanks so much for your understanding,

Nadya




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/global_education_committee/attachments/20120326/2060ec99/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 27034-part2-comments-DoD March 2012.doc
Type: application/msword
Size: 82432 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/global_education_committee/attachments/20120326/2060ec99/attachment-0001.doc>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ISO-IECJTC1-SC27_N9963_Reissued_3rd_WD_27034-2_20110822.pdf
Type: application/pdf
Size: 856566 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/global_education_committee/attachments/20120326/2060ec99/attachment-0001.pdf>

