AD-Assurance Notes from March 8
Eric Goodman, UCOP
Mark Rank, UCSF
David Walker, InCommon/Internet2
Etan Weintraub, Johns Hopkins
Michael Brogan, UWash
Jeff Capehart, UFL
Ron Thielen, UChicago
Lee Amenya, UCSD
James Oulman, UFL
Brian Arkills, UWash
Ann West, InCommon/Internet2
Next Call
-------
March 15 at Noon ET
+1-734-615-7474 PREFERRED
+1-866-411-0013
0195240#
Action Items
-------
Ann will invite Chris Irwin from MS to join the group
Ann will work with Debbie Bucci (NIH) to set up calls with Federal Agencies that have certified IdPs.
Michael will add a scope statement to the Charter Page.
Etan will pursue developing an approach for Office365 and Bronze/Silver compliance.
Michael and Eric will develop a draft table in the wiki that summarizes the profile requirements, relevant AD behaviors and gaps.
Ron will send a draft of log checking as compensating control.
Ann will set up a standing weekly call.
Notes
--------
Notes from 3/8 were approved
Action item Update
Federal Agencies that have Certified IdPs
Debbie Bucci from NIH has identified a team at NASA that has certified IdPs. She has offered to set up a call with them. Jeff C mentioned that they may be using two-factor, which is not in scope for us. The group would still like to interview the team and gather information. Instead of including them on a group call, [AI] Ann will set up a side call with Brian, David, Eric, Lee and any agency team we identify. We'll then produce a summary for the larger group to review.
Scoping
[AI] - Michael will add a scope draft to the Charter wiki page.
The Cookbook was developed to address 1.1 and minimally has to be brought up to comply with 1.2.
What AD products should we consider in scope under the Framework:
Work Plan Moving Forward
[AI] Michael and Eric will draft a wiki table including the relevant profile sections and intent, AD behavior/configuration one could use to clear the bar, and gaps. The goal is to highlight what we do and don't know and develop questions for MS to ensure accuracy of the final product. Once the gaps are verified, we'll then determine if there are Alternative Means (AM) that can be used to satisfy the criteria. For instance, one could set up an audit process to ensure credentials are still valid: checking the log could be a compensating control. [AI] Ron will send an example of this approach. We also may identify more than one AM; more than one could be proposed.
Call Schedule
[AI] Ann will set up a standing weekly call. The group would like to meet weekly to keep momentum going and hit the end of April deadline.