<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Aptos",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1313176411;
mso-list-type:hybrid;
mso-list-template-ids:55746626 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:2024816173;
mso-list-template-ids:601545302;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link="#467886" vlink="#96607D" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Erik agrees with our proposals.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'>..David<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-family:"Calibri",sans-serif'> Barkley, Erik J (US 3970) <erik.j.barkley@jpl.nasa.gov> <br><b>Sent:</b> 21 October 2024 18:01<br><b>To:</b> david@giaretta.org<br><b>Cc:</b> Thomas Gannett <thomas.gannett@tgannett.net><br><b>Subject:</b> RE: [EXTERNAL] CESG Polls - responses from MOIMS-DAI<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'>Dear David,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'>Please consider the conditions satisfied and retired. Thank you for the timely reply. In order, here are item specific responses:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><ol style='margin-top:0cm' start=1 type=1><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo3'><span lang=EN-US style='font-family:"Calibri",sans-serif'>Thank you for the additional example statements. I think that really helps.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo3'><span lang=EN-US style='font-family:"Calibri",sans-serif'>Fair enough regarding the established terminology. More a matter of style/editorial concern and so it is fine to leave it as is.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo3'><span lang=EN-US style='font-family:"Calibri",sans-serif'>Thank you for adding the indication regarding use of UML class diagrams.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo3'><span lang=EN-US style='font-family:"Calibri",sans-serif'>I think the updated security section is definitely better and adequately addresses the concern. <o:p></o:p></span></li></ol><p class=MsoListParagraph><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'>-Erik<o:p></o:p></span></p><p class=MsoListParagraph><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif'>From:</span></b><span lang=EN-US style='font-family:"Calibri",sans-serif'> <a href="mailto:david@giaretta.org">david@giaretta.org</a> <<a href="mailto:david@giaretta.org">david@giaretta.org</a>> <br><b>Sent:</b> Monday, October 21, 2024 03:26<br><b>To:</b> Barkley, Erik J (US 3970) <<a href="mailto:erik.j.barkley@jpl.nasa.gov">erik.j.barkley@jpl.nasa.gov</a>><br><b>Cc:</b> Thomas Gannett <<a href="mailto:thomas.gannett@tgannett.net">thomas.gannett@tgannett.net</a>><br><b>Subject:</b> [EXTERNAL] CESG Polls - responses from MOIMS-DAI<o:p></o:p></span></p></div></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal>Dear Erik<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Here are the MOIMS-DAI responses to your conditions.<o:p></o:p></p><p class=MsoNormal>Please let us know is our proposals address these adequately.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>..David<o:p></o:p></p><p class=MsoNormal>Chair, MOIMS-DAI<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><o:p> </o:p></b></p><p class=MsoNormal><b>CESG E-Poll Identifier: CESG-P-2024-09-004 Approval to publish CCSDS 653.0-M-1, Information Preparation to Enable Long Term Use (Magenta Book, Issue 1)<o:p></o:p></b></p><p class=MsoNormal>Erik Barkley (Approve with Conditions): <o:p></o:p></p><p class=MsoNormal>1) (Essentially editorial): <o:p></o:p></p><p class=MsoNormal>pg 1-1: For the sentence that reads "However, it is widely recognized that many such endeavours are not able, for one reason or another, to leave a sufficient legacy of information so others can reuse and fully leverage the effort that has gone into the endeavor.", suggest citing at least one and perhaps two concrete examples rather than the generic "for one reason or another". Rationale: if there is a "well-recognized need" then it seems there should be well-recognized examples re "one reason or another" that this recommendation is addressing.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr><td width=623 valign=top style='width:467.5pt;border:solid windowtext 1.0pt;padding:0cm 5.4pt 0cm 5.4pt'><p class=MsoNormal>MOIMS-DAI PROPOSAL <a href="https://urldefense.us/v3/__http:/review.oais.info/show_bug.cgi?id=393__;!!PvBDto6Hs4WbVuu7!IyPZ-2oHHu7F5lIM7lp2ZpUODXW1_hzL61_AFFuzkj2K8zw6vLHphjwY4dT8mvuel9PbgXspRiMfriuY0Zgbd7hD$">http://review.oais.info/show_bug.cgi?id=393</a>:<o:p></o:p></p><p class=MsoNormal>Add after the quoted sentence:<o:p></o:p></p><p class=MsoNormal>“Such reasons include the focus on hardware by those involved in earlier stages of a project means that they may not always think about collecting and saving information about design decisions and calibrations needed for analysis of the data the hardware will collect or create; lack of understanding that there must be a budget allocation to fund the collection of such information; uncertainty about what information to collect at various stages often means that very little is collected; information may not be collected if it is not needed for the primary use of the data collected, which means that alternative uses are limited.”<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>CESG E-Poll Identifier: CESG-P-2024-09-001 Approval to publish CCSDS 650.0-M-3, Reference Model for an Open Archival Information System (OAIS) (Magenta Book, Issue 3)<o:p></o:p></b></p><p class=MsoNormal> Erik Barkley (Approve with Conditions): <o:p></o:p></p><p class=MsoNormal>1) Minor editorial suggestion: the general form re figure annotions of "Functions of the <xyz> Functional Entity" seems a little clunky. Why not just phrase it as "<xyz> Entity Functions" ?<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>2) Pg 4-39 -- please identify the specific type of UML diagram -- It looks like a UML Class Diagram? This will help the reader identify the semantics of the diagram. This also applies through the document -- perhaps just indicate somewhere in the introductory material that class diagrams are being used ? ( This could save some editing effort)<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>3) The security sections could be more to the point, and given that we are talking about securing archives which may (or likely will) contain key information to be preserved for a significant length of time, seems a bit lacking. At a minimum suggest referencing NIST 800-209 and ISO/IEC 27040 for more detailed guidance on data storage security. If it helps, I can also think of making sure this section addresses the following points:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal> Regular Backups: Regularly backup critical data to ensure its availability in case of accidental deletion, hardware failure, or cyberattacks.<o:p></o:p></p><p class=MsoNormal> Encryption: Implement encryption during both storage and transmission to protect data from unauthorized access.<o:p></o:p></p><p class=MsoNormal> Access Controls: Set up robust access controls and authentication systems to ensure only authorized personnel can access the archived data.<o:p></o:p></p><p class=MsoNormal> Multi-Factor Authentication (MFA): Enable MFA to add an extra layer of security.<o:p></o:p></p><p class=MsoNormal> Secure Off-Site Storage: Use secure off-site storage solutions to protect data from physical threats.<o:p></o:p></p><p class=MsoNormal> Regular Audits: Conduct regular audits and monitoring to detect and respond to any unauthorized access attempts.<o:p></o:p></p><p class=MsoNormal> Anti-Malware and Firewalls: Use anti-malware software and firewalls to protect against cyber threats.<o:p></o:p></p><p class=MsoNormal> Disaster Recovery Plan: Establish a disaster recovery plan to ensure data can be quickly restored in case of a major incident.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='border-collapse:collapse'><tr><td width=601 valign=top style='width:450.8pt;border:solid windowtext 1.0pt;padding:0cm 5.4pt 0cm 5.4pt'><p class=MsoNormal>MOIMS-DAI PROPOSAL <a href="https://urldefense.us/v3/__http:/review.oais.info/show_bug.cgi?id=395__;!!PvBDto6Hs4WbVuu7!IyPZ-2oHHu7F5lIM7lp2ZpUODXW1_hzL61_AFFuzkj2K8zw6vLHphjwY4dT8mvuel9PbgXspRiMfriuY0aIGnIgW$">http://review.oais.info/show_bug.cgi?id=395</a><o:p></o:p></p><p class=MsoNormal>1) We believe that changing the well established terminology will cause confusion.<o:p></o:p></p><p class=MsoNormal>2) In sections 1.5.2 and 4.3.1, and in Annex C, we will clarify that we are using UML Class diagrams. <o:p></o:p></p><p class=MsoNormal>3) In Annex F, change <o:p></o:p></p><p class=MsoNormal>FROM<o:p></o:p></p><p class=MsoNormal>"This should include all appropriate security measures such as physical access, backups and periodic integrity checking."<o:p></o:p></p><p class=MsoNormal>TO:<o:p></o:p></p><p class=MsoNormal>"This should include all appropriate security measures such as physical access, backup and recovery processes, periodic integrity checking, and other measures for example from ISO ISO/IEC 27040 and audits such as those under ISO/IEC 16363."<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></td></tr></table><p class=MsoNormal><o:p> </o:p></p></div></body></html>