[CESG] [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Blackwood, Michael D. MBlackwood at asrcfederal.com
Tue Feb 4 15:18:15 UTC 2020


Hi Tom and All,

I’m not sure I fully understand the issue relating to using ISO terms nor am I familiar with the Security Glossary. Here are a few questions I would expect ISO to ask.

Is the intention to align terms in CCSDS documents with ISO terms and define them identically or is there another rationale for this reuse?

How many terms will be reproduced at this time?

From which ISO standards do these terms come?

Will additional terms be reproduced in future documents?

How does CCSDS plan to attribute the origin of the terms in question?

The glossary itself answers most of these questions, so having a copy I can share with the ISO would be very helpful. Generally ISO allows extracts of standards in other publications with citation and cognizance of the user’s license for the ISO publication. CCSDS does not have a license for any ISO standards which may be a wrinkle.

Best regards,

Michael Blackwood
CCSDS Secretariat
W: 301-837-3901 | michael.blackwood at asrcfederal.com
7515 Mission Drive, Seabrook, MD 20706
ASRC Federal | Customer-Focused. Operationally Excellent.


From: Secretariat [mailto:secretariat-bounces at mailman.ccsds.org] On Behalf Of Thomas Gannett
Sent: Monday, February 3, 2020 3:32 PM
To: 'Shames, Peter M (US 312B)' <peter.m.shames at jpl.nasa.gov>; 'Weiss, Howard' <Howard.Weiss at parsons.com>; 'Barkley, Erik J (US 3970)' <erik.j.barkley at jpl.nasa.gov>; Wilmot, Jonathan <jonathan.j.wilmot at nasa.gov>
Cc: Blackwood, Michael D. (HQ-CG000)[Arctic Slope Technical Services, Inc.] <michael.d.blackwood at nasa.gov>; 'Space Assigned Numbers Authority' <info at sanaregistry.org>; 'CCSDS Engineering Steering Group - CESG Exec' <cesg at mailman.ccsds.org>
Subject: Re: [Secretariat] [CESG] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Howie:

The way we currently view things is that terms in the glossary are derived, along with their normative force, if any, from published CCSDS documents. So you could reference the SANA glossary, because the SANA glossary references the normative source document, but it would seem to me to be more precise simply to reference the document.

The peculiar wrinkle in this case is that, so far, we don’t actually have permission from ISO to go far beyond fair use in borrowing terms wholesale from copyrighted ISO documents.

I personally would like to see such permission in writing before releasing the document on the CCSDS site.  The situation could actually arise in which we are unable to release the document publicly—or we release it and are then asked to take it down.  If that were to happen, the terms would nevertheless have found their way into the SANA glossary, making it the only viable reference (provided ISO doesn’t know about it).

I’m not trying to give everyone heartburn so much as to remind Michael he’s supposed to see about getting ISO permission.

Tom


Logothete, L.L.C.
thomas.gannett at tgannett.net
+1 443 472 0805

From: Secretariat [mailto:secretariat-bounces at mailman.ccsds.org] On Behalf Of Shames, Peter M (US 312B) via Secretariat
Sent: Monday, February 03, 2020 2:46 PM
To: Weiss, Howard; Barkley, Erik J (US 3970); Jonathan Wilmot
Cc: CCSDS Secretariat; Space Assigned Numbers Authority; CCSDS Engineering Steering Group - CESG Exec
Subject: Re: [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

I would say that's a "qualified yes".  The normative documents in CCSDS are Blue and Magenta, and so the documents are authoritative.  The Glossary only contains terms that are published in CCSDS documents and it includes the references to those source documents.

The "qualified" part is that there are terms in the Glossary that were pulled in from Green Books.  As such these are not normative.  So as long as you stick with terms from normative documents I think you are on safe ground.

Thanks, Peter


From: Howie Weiss <Howard.Weiss at parsons.com>
Date: Monday, February 3, 2020 at 11:28 AM
To: Peter Shames <peter.m.shames at jpl.nasa.gov>, Erik Barkley <erik.j.barkley at jpl.nasa.gov>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org>, Space Assigned Numbers Authority <info at sanaregistry.org>, CCSDS Secretariat <secretariat at mailman.ccsds.org>
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary


Peter



Question - in its current state, can a CCSDS document use the SANA glossary as a normative reference?



howie



________________________________
HOWARD WEISS, CISSP

7110 Samuel Morse Drive
Columbia, MD 21046
443-430-8089 (office) / 443-494-9087 (cell)
howard.weiss at parsons.com
www.parsons.com
________________________________
From: Shames, Peter M (US 312B) <peter.m.shames at jpl.nasa.gov>
Sent: Monday, February 3, 2020 1:15 PM
To: Barkley, Erik J (US 3970); Weiss, Howard; Jonathan Wilmot
Cc: CCSDS Engineering Steering Group - CESG Exec; Space Assigned Numbers Authority; CCSDS Secretariat
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Guys,

Once this document is approved those terms will be entered into / updated in the SANA Terminology registry.

That is the process and has been for years.

Thanks, Peter


From: Erik Barkley <erik.j.barkley at jpl.nasa.gov>
Date: Monday, February 3, 2020 at 10:07 AM
To: Howie Weiss <Howard.Weiss at parsons.com>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: Peter Shames <peter.m.shames at jpl.nasa.gov>
Subject: RE: CESG Approval of Revised Information Security Glossary

Howie,

Glad to hear you agree with getting the terms into SANA. With regard to getting “it” into SANA (existing glossary and/or security terms glossary – “it” was not quite clear to me but I assume security terms) I think that is something best initiated under the cognizance of the SE Area.  I’ll be happy to “second” any motion if need be, but I think the origin for any such request has to be with the SE Area. I am copying Peter on this email.

Best regards,
-Erik

From: Weiss, Howard <Howard.Weiss at parsons.com>
Sent: Friday, January 31, 2020 10:25
To: Jonathan Wilmot <Jonathan.J.Wilmot at NASA.gov>; Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Subject: [EXTERNAL] FW: CESG Approval of Revised Information Security Glossary

Erik and Jonathan

I just saw your comments regarding the Information Security Glossary and I couldn’t agree with you more.

It has always been our plan that the glossary move into SANA.  Others have voiced the same opinion.  However, there has been no movement.  I’ve heard that the existing glossary found on the SANA web site required the first attention since it's not been reviewed or revised.  Maybe you guys can initiate some movement to get it into SANA?

Regards

howie

----------

HOWARD WEISS, CISSP

PARSONS, Inc.
7110 Samuel Morse Dr, Suite 200
Columbia, MD 21046
howard.weiss at parsons.com
443-430-8089 (office) / 443-494-9087 (mobile)


From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> On Behalf Of Weiss, Howard
Sent: Friday, January 31, 2020 1:19 PM
To: 'sea-sec at mailman.ccsds.org' <sea-sec at mailman.ccsds.org>
Subject: [EXTERNAL] [Sea-sec] CESG Approval of Revised Information Security Glossary

FYI - The CESG has approved the revised Information Security Glossary:


* * * * * * * * * * * * * * * * * * * * * * * *

CESG E-Poll Identifier:  CESG-P-2019-12-004 Approval to publish CCSDS 350.8-M-2, Information Security Glossary of Terms (Magenta Book, Issue 2) Results of CESG poll beginning 31 December 2019 and ending 29 January 2020:



               Abstain:  0 (0%)

Approve Unconditionally:  6 (100%) (Barkley, Merri, Shames, Burleigh, Moury, Wilmot)

Approve with Conditions:  0 (0%)

Disapprove with Comment:  0 (0%)



CONDITIONS/COMMENTS:



     Erik Barkley (Approve Unconditionally):  A comment/question (not a condition):  Seems like it would make sense to have this in SANA rather than a book -- has that been considered? In terms of normative application the MB could still be normative in identifying SANA registry and the update/governance policy.



     Jonathan Wilmot (Approve Unconditionally):  I agree with Erik that glossaries would be better in SANA as they are living documents that will change over time.  Example: where would terms from BPsec be placed?





Total Respondents:  6



All Areas responded to this question.



SECRETARIAT INTERPRETATION OF RESULTS:  Approved Unconditionally

PROPOSED SECRETARIAT ACTION:            Generate CMC poll


----------

HOWARD WEISS, CISSP

PARSONS, Inc.
7110 Samuel Morse Dr, Suite 200
Columbia, MD 21046
howard.weiss at parsons.com
443-430-8089 (office) / 443-494-9087 (mobile)
