...
- Proposed BE Statement:
  - All Identity Provider (IdP) and Service Provider (SP) service endpoints must be secured with current and community-trusted transport layer encryption.
- Notes from June 30, 2020 Office Hours on encrypting endpoints
  - Agreed that we will not require any particular grade as part of Baseline Expectations
  - General statement appears OK
  - In the Clarification document, note regarding the SSL Labs grade: "B" is minimally acceptable; aim for A, and if you have B, consult with your info sec team
  - Need implementation guidance for the federation operator
    - Check for https
    - Possibly async scan of data (see Albert for ideas)
    - AI: Albert to check with Nick R and team on whether the proposed approach to endpoint scans (periodic async scans) is practical
  - Question: how will we know when an org is out of compliance with this endpoints requirement of Baseline?
    - Answer: use various events (executive change) to trigger async checking. Then we notify the site administrator
  - Orgs need to use MDQ
  - TomB:
    1. Need to manage workflow of getting things checked
    2. Need to clearly articulate to participants what the expectation is
  - Good idea to reference SSL Labs grade in the clarification document
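The "check for https" step a federation operator could run over aggregate or MDQ metadata, as an added example that is not part of these notes or of any InCommon tooling: it walks every IdP and SP role in a constructed SAML metadata sample and flags endpoint `Location`/`ResponseLocation` URLs whose scheme is not https. The SSL Labs grade check and the periodic async scheduling discussed above are not implemented here.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample metadata (not real federation data): one IdP and one SP,
# each with one endpoint deliberately left on plain http so the check has a hit.
SAMPLE_METADATA = f"""<EntitiesDescriptor xmlns="{MD_NS}">
  <EntityDescriptor entityID="https://idp.example.edu/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"/>
      <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
          Location="http://idp.example.edu:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="1"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example.org/Shibboleth.sso/SAML2/POST" index="1"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://sp.example.org/Shibboleth.sso/SLO/Redirect"
          ResponseLocation="http://sp.example.org/Shibboleth.sso/SLO/Redirect"/>
    </SPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>"""


def find_non_https_endpoints(metadata_xml):
    """Return (entityID, element, attribute, url) for every IdP/SP endpoint not on https."""
    root = ET.fromstring(metadata_xml)
    findings = []
    for entity in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        entity_id = entity.get("entityID")
        for role_name in ("IDPSSODescriptor", "SPSSODescriptor"):
            for role in entity.iter(f"{{{MD_NS}}}{role_name}"):
                # Endpoint elements are direct children of the role descriptor;
                # both Location and ResponseLocation must be https.
                for elem in role:
                    for attr in ("Location", "ResponseLocation"):
                        url = elem.get(attr)
                        if url and urlparse(url).scheme.lower() != "https":
                            local_name = elem.tag.split("}", 1)[1]
                            findings.append((entity_id, local_name, attr, url))
    return findings


if __name__ == "__main__":
    for entity_id, elem, attr, url in find_non_https_endpoints(SAMPLE_METADATA):
        print(f"{entity_id}: {elem} {attr}={url}")
```

Run against a real aggregate, the finding list is what you would hand to the site administrator notification step from the Q&A above.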
...