Attendees
- Abdul Sattar
- Chuck Curran
- Drummond Reed
- Ken Adler, Co-chair
- Kaliya Young, WG Co-chair
- Jan Lindquist
- Trev Harmon, PM
Agenda Items
| Time | Item | Who |
|---|---|---|
| 2 min | Welcome & Antitrust Policy Notice | Trev |
| 2 min | Assignment of a "glossarist" | Trev |
| | Draft Review | Everyone |
Recording - Link
Notes
- IP and antitrust notification.
- Determined who would act as our “glossarist”. The glossary is found at: https://docs.google.com/document/d/1Kznth0dRg2xdFe9MX0p4rE-FLI0w_Nmt1ceip9gdMmo/
- The group decided to start the review of our draft with Problem #8 (Information Security).
- We decided that the “MUST” language around standards such as 2700x would be too exclusionary for smaller companies, and so changed it to a “SHOULD”.
- We discussed the difference between the statements regarding the disclosure of what standards people are following vs. the specific policies used to enact those standards.
- We discussed the different ways that the word “audit” might be used. There is a need for auditability, but we also want to make sure that PII isn’t accidentally being leaked through debugging pathways, such as system logs.
- Chuck noted that some of our language may be repeats of implied or explicit requirements mandated elsewhere in our draft.
- We discussed how prescriptive we wanted to be on some topics, such as audit requirements, beyond the looser requirement that organizations have detailed their security plans.
Chat Log
Action Items
- Continue work on the draft.