IEEE Systems and Software Engineering Standards Committee (S2ESC)

Executive Committee

Minutes of Meeting # 122

Teleconference Date: Tuesday 14 June, 2005

 

Attendees:

Paul Croll, Chair

Kathy Land, Secretary

John Daniel

Jack Cole

Keith Middleton

Joe Jarzombek

John Walz

Dennis Lawrence

Mary Beth Chrissis

 

Purpose

 

The purpose of the teleconference is to do the following:

 

Address S2ESC management issues

Review progress of ongoing projects

Review action items

 

Agenda Item Summary

 

S2ESC Mailing List (Email reflector)

 

S2ESC has experienced problems with its recent ballot for the election of Management Board members.  John Daniel committed to researching the online enrollment of S2ESC members and the maintenance.  He took an action item to research this and report back to S2ESC ExCom.

 

IEEE SA Liaison [A. Ortiz]

 

Ballot status/issues

 

Keith Middleton presented the group with a status of 1074: Invitation to ballot was closed.  Document targeted to come out of mandatory editorial review 19 June.  The ballot is targeted to begin around the first of July.

 

PAR issues

 

No report.

 


Status Reports

 

Management Board [Schultz]

 

David Schultz is on vacation and his report is attached. 

 

Ukrainian Software Engineering Training Center [Bura]

 

No report.

 

S2ESC Web Page [Henley]

 

No report.

 

Quality Management Interfaces [Walz/Duncan]

 

Scott Duncan sent out a revised version of 90003 to the study group.  90003 maps all 12207 processes to ISO 9001.  John has concerns that we need to engage the working group chairs in order to support due diligence. Balloting might clean up some of the references, but he is leery about leaving this to the balloting phase.

 

High Integrity Systems [Moore/Croll]

 

ISO/IEC 15026 revision

 

ISO/IEC 15026 revision – S2ESC wanted to use the revision of 15026 as a way to develop an umbrella standard for our high integrity issues, offering the draft to SC7.  The current standard is very safety focused.  Canada has proposed a new editor, Barbara Huisman.  She agreed that someone should write the initial draft while she coordinated the ballot and responses to comments. Paul Croll has taken the action to write this initial draft.

 

DHS/DoD Software Assurance Initiatives

 

Joe Jarzombek is trying to ensure that there is an S2ESC presence in these activities.  Jim and Paul both participated in the most recent software assurance forum.  Individuals interested in participating should contact Jim or Paul.

 

Jim has already identified some of the needed changes; yet we need to address a broader portfolio of standards.  Specifically (and as a minimum), we need to include relevant standards from:  ISO SC7 / SC27 / SC22, IEEE CS S2ESC and IASC, NIST, Open Group, CNSS.  As noted in the attached presentation, INCITS is taking a much more deliberate role in evolving cyber security standards for ISO via SC27 CS1.  NIST (Stu Katzke) is partnering with IEEE CS IASC (Jack Cole) to translate NIST cybersecurity standards into IEEE IA standards.  Joe Bergman and Glen Logan will help with Open Group standards.  I also have agreement from Vic Maconahy from NSA to get SwA embedded in the CNSS standards and review the need to develop a new CNSS 4000 series standard on SwA.

 

Paul Croll reminded us of the importance of having bi-directional liaisons, particularly at the WG9 level.  Jack Cole described a current effort to develop an overall architecture for the IA standards.  He will summarize these activities and send an email to the S2ESC group. 

 

Jack Cole, Paul Croll, and Joe Jarzombek agreed that much would be gained by their groups working together.  Jim Moore was nominated to take the lead to establish this informal group, called the cyber security group.  All agreed that a face-to-face meeting would be ideal, preferably prior to (or coincident with) the August meeting.  The target is the week of August 1st, meeting somewhere in the DC area.  Joe took the action item to set up this meeting and to contact Jim regarding his leadership role.

 

Joe will be talking with Tim Grance from NIST this week since he is responsible for all the Technical Guidance at NIST; Joan Hash is responsible for the Management Guidance (see the Computer Security Resource Center: http://csrc.nist.gov/staff.html). CSRC falls under the Information Technology Laboratory: http://www.itl.nist.gov/. Ed Roback (Tim Grance's Group) and Mark Hall (Mike Kass's Group - http://www.itl.nist.gov/div897/sdct_staff.html) are two groups within the ITL.

 

S2ESC Document revisions/Compliance with IEEE-SA Model P&P [Croll/Duncan]

 

We are getting a lot of pressure from IEEE SA AudCom to verify that our Policies and Procedures conform to the IEEE model P&P.  Kathy Land mentioned that, according to statements coming from the recent SA/AudCom meeting, sponsors who have not submitted their P&P to AudCom will be blocked from standards development. Paul attempted the initial mapping without much success; there is no direct, easily reached correlation in several areas.  Paul is now working on taking the model P&P and working up a draft for ExCom approval so that S2ESC can present a draft to AudCom.

 

Summer Meeting Planning [All]

 

The meetings are generally conducted in August.  The meetings will be held the week of August 8th, with the 8th for the Management Board, and the 9th-11th for ExCom meetings.  These meetings will be held at the Yankee Clipper in Fort Lauderdale, FL.

 

Action Item Status and Discussion [Croll/Land]

 

Please refer to the attached action item listing.

 

Next teleconference:            Tuesday, 19 July 2005, 12:30 PM EDT