Presentation is loading. Please wait.

Presentation is loading. Please wait.

Requirements Development & Template Presentation to All Chairs 8/12/2014.

Published bySydney Richard Modified over 8 years ago

Similar presentations

Presentation on theme: "Requirements Development & Template Presentation to All Chairs 8/12/2014."— Presentation transcript:

1 Requirements Development & Template Presentation to All Chairs 8/12/2014

2 Objectives Clarify the intent and purpose of Identity Ecosystem Framework Requirements Discuss potential approaches to requirements development Introduce and discuss the requirements catalog template

3 Agenda Overview Development Considerations Proposed Requirements Catalog Template Proposed Requirements Development Lifecycle Questions/Additional Items

4 Requirements Overview Requirements are a foundational component of the Identity Ecosystem Framework intended to: – define a baseline for participation in the Identity Ecosystem What is the baseline? Improving the security, privacy, usability, and interoperability of everyday online transactions What benefits could the everyday consumer see if this baseline was established? (e.g., reduced account compromise through increased use of multifactor authentication; greater user control through notice, consent requirements; etc.) – provide the foundation for the compliance/conformance program. I.E., to be part of the NSTIC inspired, IDESG defined ecosystem your organization must/should do A,B, and C with respect to security, privacy, interoperability, and usability These will be the basis for a future trustmark(s)

5 Requirements Overview The requirements are: – Discrete statements of activities, behaviors, and expectations for the various participants that are to be part of the identity ecosystem as envisioned in the NSTIC These requirements are not: – Business requirements – Software/technology/solution design requirements The IDESG is not building a specific identity solution or technology—but instead setting the general parameters, based on the Guiding Principles, in which solutions will operate May help shape and contribute to these other requirement types for future participants in the ecosystem

6 Requirements Overview: Goals for 2014 Develop requirements for all 4 guiding principles Establish an initial self-assessment and attestation compliance program – Assessment and attestation will be to applicable requirements

7 2014 Development Considerations Requirements should be ecosystem level requirements—not specific to sectors, communities, or technologies – Should not dictate specific solutions Should take into account the core operations of the functional model and the roles— specifically at the functional element layer – Some requirements may apply to more than one role, core operation, or function

8 Development Considerations: Criteria Should be relevant; should be tied to the four Guiding Principles, the NSTIC, and the establishment of the identity ecosystem Should be realistic; Potential participants should be capable of achieving conformance with these requirements without excessive technological or policy development time (i.e., quantum crypto should not be a requirement…) Should be balanced; taking into account the need to establish and maintain a marketplace while also preserving the NSTIC Guiding Principles Should be measurable; participants should be able to clearly state compliance through a binary or measurable response Should be technology agnostic; requirements should not specify or mandate a specific type of technology or solution and should be able to be met by multiple means (i.e., different technical solutions or combinations of tech and policy)

9 Development Considerations: Examples Ecosystem participants follow an adopted IDESG information security standard – Is it relevant to the identity ecosystem? Yes, all ecosystem participants should operate according to a strong, recognized set of information security principles, practices, and processes – Is it realistic? Yes, most organizations that handle customer or individual data already (or should) follow established information security standards or frameworks; implementing or using an IDESG adopted standard should not require an “excessive” shift in policy—though this will require IDESG to identify and adopt existing standards and frameworks in a timely manner – Is it balanced? Yes, the use of strong information security standards will only enhance the delivery of services and expansion of the market place – Is it measurable or binary? Yes, participants can clearly and easily state whether or not they follow an adopted standard – Is it technology agnostic? Most core information security standards do not specify solutions or technology types

10 Development Considerations: Examples Ecosystem participants provide and/or technically support the use of multi-factor authentication solutions. – Is it relevant to the identity ecosystem? Yes, all ecosystem participants should provide strong, multi-factor authentication options – Is it realistic? Yes, there are a significant number of existing multi- factor solutions in different forms and technologies; integration with these should not be excessive for ecosystem participants – Is it balanced? Yes, the need for strong, multi-factor authentication options is the primary driver behind the NSTIC and should only improve market growth and delivery of services – Is it measurable or binary? Yes, organizations can clearly and easily state whether or not they provide users access to multi-factor authentication options – Is it technology agnostic? Yes, no specific form or technology is included in the requirements

11 Development Considerations: Artifacts and Resources Many artifacts support requirements development: – The NSTIC; is the cornerstone of IDESG and essential guidance for requirements – Derived Requirements; a set of requirements statements derived from the NSTIC intended to stimulate requirements development – Existing standards, frameworks, and compliance programs; for example PCI-DSS, FICAM, ISO/IEC 27001 provide fertile ground for identification of potential ecosystem requirements – Pilot and operational experience; engage the pilots as participants in the development process

12 Development Considerations: Language and Structure Shall vs should, etc.: – Committee judgment matters: if it’s required, shall is likely appropriate. Use may or should appropriately If/then/else: – The fewer conditionals the better, but if needed, use them Hierarchical/sub-requirements: – This probably makes sense in some contexts, but this should be determined by the needs of the chairs. If committees need conditionals, use them.

13 Development Approach: Privacy Committee Privacy Committee has initiated requirements development Started with the Derived Requirements – Refined and updated to use as “guidance” – Creating more granular requirements based on the derived requirements and committee feedback; referring to these internally as “functional requirements” Incorporated several NSTIC pilots into the discussion to provide input Goal will be a set of requirements for incorporation into the identity ecosystem framework—the initial set may be updated, augmented, and added to as the framework matures Security committee is currently considering a similar approach for their own requirements development

14 Proposed Requirements Catalog Matrix Will be provided to the committees as a template that is intended to: – Capture requirements in a common format – Allow for consistent approaches, language, and structure Must think of these from the point of view of those who will need to consume these – Provides a uniformity and a foundation for the compliance program and ultimately trustmarks – Once IDESG requirements have been established they can then be compared to existing Trust Frameworks and Trust Framework Provider requirements; laying the foundation for streamlined self-assessment and future accreditation programs All information contained in the sample version of the matrix is for ILLUSTRATIVE PURPOSES ONLY

15 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix

16 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix The NSTIC Guiding Principle that most closely relates to the requirement; there may be more than one 1

17 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 2 A concise statement of the requirement (those contained in this document are for illustrative purposes only)

18 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 3 The core operations to which the requirement applies (may be one or many); will be hyperlinked to a separate page that lists the functions and definitions of each core operation (registration shown below)

19 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 4 Source of the requirement (if adapted from an existing document)

20 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 5 Candidate standards, protocols, or profiles that can be used to fulfill the stated requirement or referenced to illustrate conformance with the requirement; not all requirements will have existing standards (etc.) to reference

21 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix A specific control or additional detail from an existing standard, protocol, or specification that can be used to further illustrate conformance with the stated requirement 6

22 IDESG Requirements Catalog # Guiding PrincipleRequirement statement Applies to Source (Std., derived requirements, framework, etc.) Standard or Reference (spec, profile, etc.) Specific control(s), criteria, or additional info (Optional) Establishing Committee Last ModifiedDate Approved Registration Credentialing Authentication Authorization Transaction Intermediation 1 Secure and Resilient Ecosystem participants follow an adopted IDESG information security standard XXXXXNone ISO 27001 Certification None Identified Security Committee 7/28/20147/29/2014 2 Secure and Resilient Ecosystem participants provide and/or technically support the use of multi- factor authentication solutions. XXXNone FIDO U2F specification None Identified Security Committee 7/28/20147/29/2014 3 Secure and Resilient Ecosystem participants utilize credentials that are resistant to theft, tampering, counterfeiting, and exploitation. XX Modified from NSTIC Derived Requirements FICAM Trust Framework Solution (TFS) Trust Framework Provider Adoption Process (TFPAP) V 2.0 Trust Criteria: The authentication process shall resist online guessing threat. The authentication process shall resist replay threat. The authentication process shall resist session hijacking threat. The authentication process shall resist eavesdropping threat. The authentication process shall at least weakly resist man-in-the- middle threat. Security Committee 7/28/20147/29/2014 4 Privacy Enhancing Ecosystem participants determine the necessary quality of data used in identity assurance solutions based on the risk of that transaction, including to the individuals involved X Modified from NSTIC Derived Requirements NoneNone Identified Privacy Committee 7/28/20147/29/2014 5 Interoperable Ecosystem participants utilize an adopted IDESG standards and protocols for the exchange of identity data XXXXX Modified from NSTIC Derived Requirements Fido U2F Specification SAML 2.0 None Identified Standards Committee 7/28/20147/29/2014 Proposed Requirements Catalog Matrix 78 The establishing committee, date the requirement was last modified, and the date the document was last approved 9

23 Proposed Requirements Lifecycle Provides a high level over view of a potential approach to creating, consolidating, approving, and refreshing Identity Ecosystem Framework Requirements

24 Proposed Requirements Lifecycle Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Met with Source of

25 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 1 Committees produce requirements 1 Met with Source of

26 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 2 TFTM consolidates committee requirements 2 Met with Source of

27 Proposed Requirements Lifecycle TFTM produces self assessment documentation (questionnaire, assessment criteria, etc.) and requirements catalog 3 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs 3 Met with Source of

28 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs Proposed Requirements Lifecycle 4 Requirements catalog, self-assessment documentation are approved through the plenary 4 Met with Source of

29 Proposed Requirements Lifecycle Requirements are periodically reviewed and updated as necessary by the committees; dependent documents are subsequently updated and approved. 5 Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs 5 Met with Source of

30 Proposed Requirements Lifecycle Security committee develops functional model and standards committee manages standards adoption process A&BA&B Privacy Committee Privacy Committee Security Committee UX Committee Standards Committee TFTM Consolidates Self-Assessment and Attestation Program Requirements “Catalog” Produces Identify Adopted Standards Requirements Standards Develops Self-Assessment and Attestation Program 2014 Identity Ecosystem Framework Requirements “Catalog” Periodic Review and Update Standards Committee Consolidates Plenary Approval Process Standards Adoption Process Functional Model Develops Informs B A Met with Source of

31 Suggested Milestones Decision to progress with self-assessment and attestation compliance program – TFTM consensus decision 28 May 2014 Finalize and approve standards adoption policy – Standards committee; September 2014 Develop GP based requirements– Security, Standards, UX, Privacy – Security, privacy, UX, and standards committees; November 2014 Consolidate requirements – TFTM; November 2014 Finalize self assessment documentation – TFTM; December 2014 Plenary approval of requirements catalog – Plenary; January 2015 Plenary approval of self-assessment documentation – Plenary; January 2015

32 Questions/Discussion?

Download ppt "Requirements Development & Template Presentation to All Chairs 8/12/2014."

Similar presentations

TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 October.

TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state October.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.

This work was performed under the following financial assistance award 70NANB13H189 from the U.S. Department of Commerce, National Institute of Standards.
Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.

Recommendations on Certification of EHR Modules HIT Standards Committee Privacy and Security Workgroup April 11, 2014.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, 2014 4-16-2014IDESG TFTM Committee1.

TFTM Sub-Committee What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, IDESG TFTM Committee1.
Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/14 17-16-2014.

Proposed Workflow IDESG Self-Assessment and Attestation Program For TFP’s Discussion Deck TFTM Committee 09/23/
Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.

Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.
Security Controls – What Works

Security Controls – What Works
Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.

Federal Information Processing Standard (FIPS) 201, Personal Identity Verification for Federal Employees and Contractors Tim Polk May.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.

RC14001 ® Update GPCA Responsible Care Committee September 23, 2013.
Opportunities & Implications for Turkish Organisations & Projects

Opportunities & Implications for Turkish Organisations & Projects
1 Data Strategy Overview Keith Wilson Session 15.

1 Data Strategy Overview Keith Wilson Session 15.
ISO 9001:2015 Revision overview - General users

ISO 9001:2015 Revision overview - General users
Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.

Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.
SCC Activities C. Tilton. Standards Are applied to SOMETHING Within some CONTEXT Something = ID Ecosystem Context = Use Cases 2.

SCC Activities C. Tilton. Standards Are applied to SOMETHING Within some CONTEXT Something = ID Ecosystem Context = Use Cases 2.
Environmental Impact Assessment (EIA): Overview

Environmental Impact Assessment (EIA): Overview
Functional Model Workstream 1: Functional Element Development.

Functional Model Workstream 1: Functional Element Development.

Similar presentations

Ads by Google