Page tree
Skip to end of metadata
Go to start of metadata

Attendees:

Bob Dein (Miami)

Chris Hubing (Pen St.)

Dan Kiskis (Michigan)

Dana Miller (Miami)

J.J DuChateau (Wisconsin)

Jeff Minelli (PSU)

John Ladwig

Louis King (Yale)

Brenda Reeb (Rochester)

Maher Shinouda

Mike Janke (MnSCU) - Presenter

Jose Cedeno (OSU)

Chris Eagle (Michigan)

Jim Phelps (Wash U)

 

API WG - cancelled call, pushed out

 

Spring F2F (Chris & Brenda) 

  • Doing additional planning after call today
  • Registration started last week. 
  • See details on Wiki. 
  • Sign-up soon before space runs out.


Mike Janke (Univ. Minnesota System) - Framework for Enterprise System Guidance

  • Created a “library of controls” (a.k.a. Non-Functional Requirements)
  • Created a framework to determine which controls would be applied to which systems.
  • NIST frameworks not much help in applying controls to systems.
  • ISO frameworks and NFRs were not applicable either
  • NFRs are analogous to construction building codes and specify outcomes, not methods
  • 4 Categories:
    • Resiliency
    • Recoverability
    • ?
    • Security
  • Developed system characteristic and impact survey Qs to create system Assurance Profiles
  • Mapped survey results to framework grids via matrices
  • Used grid positions to map controls to systems
  • Initially Implemented as guidance then tested for 1 year

Q & A

Q: How is it going?

A: OK. Been tweeking the model to fit more and more systems (e.g. starting with major systems). Due to workload, using primarily for new systems and applying to existing as time & resources permit.

Q: Have your development teams adopted as build requirements for on-site solutions?

A: Yes

Q: Is a copy of presentation available?

A: We will send whatever we are allowed via the ITANA Wiki

 

 Wrap-Up 

 

  • Next call presentation will be on Capability Maps
  • In 4 Weeks we will do our first roundtable
  • No labels