Status of Auditing Guidelines Document Oct. 15 Yoshio Tanaka, AIST.


No progress since public comments…

– Public comments: March 2nd to April 1st
– Nine comments were submitted; four of them were just "I support this document."

Review Comments (1/5)

Technical:
– the included checklist (chapter 3 "Auditing checklist") is a list against an old outdated Classic AP. Update is needed to reflect the current (Classic) AP
– also the document does not state that it must be updated when there is a newer version of the Classic AP available than it references
– the "Auditing checklist" would be of more use if it is split out into a separate referenced document or appendix in spreadsheet format; this way it is easier to create additional spreadsheets for the other IGTF-APs and include them as appendix or external reference as well

Layout nit-picks:
– all bullets of bulleted lists should be standard bullet dots
– for smoother reading all the text paragraphs should be printed justified

Review Comments (2/5)

– I used an earlier version of this document during an audit of the DOEGrids CA, and the first thing we did was to create a spread sheet of the check list.
– I would keep the current form which is more readable and add a reference document that has it in spread sheet form where the auditors would have space to add their comments.
– The addition of the RFC 2527 paragraph numbers is helpful for those CAs that have not updated their CPS.
– Would it be possible to add a reference to the IGTF Audit checklist for Grid CAs Version 4.1? I didn't find it starting from the IGTF home page.

Review Comments (3/5)

– In reality there is a need for one spreadsheet per Authentication Profile: Classic, MICS & SLCS.
– Keeping and, more important, maintaining up-to-date information duplicated in two or more documents in different formats is a lot of effort.

Review Comments (4/5)

I think that this document presents valuable information for the grid operation community. I support this document. Below is a minor comment:
– The checklist (15) defines how to keep the pass phrase of the encrypted private key, but the evaluation method describes an evaluation method for the CA private key backup.
– There is a TYPO, "??", in the table of the checklist (23).

Review Comments (5/5)

I used a preliminary version of this document a year ago while performing an internal audit (self-review) of the KFKI RMKI CA, and found it very useful. Some minor comments:
– this document should come in many flavours, one for each AP. Each of those should bear the version of the corresponding AP in their name
– consequently, the Auditing Guideline documents should be revised & updated every time the corresponding AP changes (i.e. following every PMA meeting :)
– I agree on the usefulness of spreadsheet versions
– two short remarks on particular checklist items:
  – "Is there a single CA organization per country, large region or international organization?" This should rather be discussed within the PMAs, and in some cases could be hard to judge/assess for an external auditor.
  – (52) "How is the procedure of auditing described in the CP/CPS? (for RFC 3647)" This might seem out of place here as this is the very document that describes such an audit - CPS documents, on the other hand, are written against APs, RFCs and minimum requirements, and may or may not comply with anything written here about the specifics of an audit. Perhaps the audit requirements / specifications described in a CPS (if there are any) could be recorded in the pre-examination phase of an audit?