Guidelines Development Committee (TGDC)
Security and Transparency Subcommittee (STS) Teleconference *
August 14, 2007, 10:30 a.m.
Administrative/Logistical Updates for upcoming 8/17 plenary (Allan)
2) Overview of the draft VVSG document and Companion Executive Summary
3) Other Items
Alicia Scott Morrison, Allan Eustis, Andrew Regensheid, Angela Orbaugh,
Barbara Guttman, Helen Purcell, John Wack, Mat Masterson, Neil Erikson,
Nelson Hastings, Philip Pearce, Quynh Dang, Rene Peralta, Rene Peralta,
Sharon Laskowski, Wendy Havens
Updates (Allan Eustis):
STS teleconference was opened up to the TGDC as a whole to do a high
level review of the VVSG.
TGDC plenary meeting will begin at 11:25 a.m. ET. Dr. Jeffrey, Tricia
Mason, Commissioner Davison and NIST staff will be participating from
NIST, the rest of the TGDC will join by teleconference.
will be doing a dry run on Thursday (8/16//07) at 3:00 p.m. Members
are invited to call in at 4:00 p.m. to test the TRACE hand raising
have been 5 resolutions proposed for the meeting. Three to approve
each subcommittee section of the report, one to approve the report
as a whole for final editing, and one to recognize the importance
of the innovation class and to emphasis that to the EAC. At this meeting,
Helen Purcell proposed a sixth resolution to thank Dr. Jeffrey for
his participation and leadership of the TGDC.
report used to be divided into 6 volumes - it has been changed and
divided into parts.
has been continued confusion over the glossary - the name has been
changed to reflect that these are words with special meaning in the
VVSG now contains a complete table of all the requirements at the
beginning of the document.
"Introduction" is a work in progress. It is an introduction
to the document about what it contains, about what's changed since
last iteration, about what the foundation is we're building on. We're
hoping the report can accommodate change.
2-2 in the intro shows the importance of the requirement on IVVR for
1 of the document is devoted to requirements for devices. John explained
the class structure in detail. This is also the section that covers
SI and IVVR.
suggested that reading Chapter 3 regarding the benchmarks would be
helpful to committee members since Whitney Quesenbery will be discussing
at plenary. Sharon L. pointed out that most requirements have already
been discussed at previous meetings.
remainder of the chapters in Part 1 were discussed in high level detail
2 of the document is devoted to requirements for documentation, how
the devices need to be documented.
2 of part 2 are vendor requirements.
3 is for testing requirements. It contains only testing related requirements
- it doesn't contain requirements on how to test a system.
5 contains the information on Open Ended Vulnerability Testing (OEVT).
are to have an html version of the report on line as well as a searchable
plan is to deliver the draft to the EAC around mid September.
EAC plans to have the document publicly reviewed in two phases. It will
be posted after TGDC delivers to EAC for 120 day comment period. These
comments will be reviewed and the document revised. EAC will then release
their version of the report for another 120 day review period. EAC plans
to take their time with the review process in order to deliver a valuable