[CESG] [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Thomas Gannett thomas.gannett at tgannett.net
Tue Feb 4 17:40:45 UTC 2020


Michael:

 

We have discussed this a couple of times in the past on telecons, prior to Agency review. The issue is that the Security Glossary replicates a vast number of terms and definitions from copyrighted ISO books, and we do not have ISO permission to do that.

 

I suspect that if ISO understands clearly that we intend to republish copyrighted ISO material and make it available for free on the CCSDS site, they might object. I also suspect, however, that if we approach it from the ISO-standardization perspective, that is, that the Security Glossary will be submitted via SC13 to become an ISO standard (not mentioning that the same book will be available for free from CCSDS), there is a possibility that ISO would simply grant permission.

 

Without explicit permission, I have serious qualms about releasing the document.

 

In answer to one of your questions, “Will additional terms be reproduced in future documents?”:

 

With respect to the Security WG, the purpose of the Glossary is to obviate having to replicate the terms in future documents; however, other WGs may want to publish similar glossaries of terms from other disciplines in the future, for much the same purpose.

 

The current version of the Security Glossary is attached.

 

Tom

 

Logothete, L.L.C.

thomas.gannett at tgannett.net

+1 443 472 0805

 

From: Blackwood, Michael D. [mailto:MBlackwood at asrcfederal.com] 
Sent: Tuesday, February 04, 2020 10:18 AM
To: Thomas Gannett; 'Shames, Peter M (US 312B)'; 'Weiss, Howard'; 'Barkley, Erik J (US 3970)'; Wilmot, Jonathan
Cc: Blackwood, Michael D. (HQ-CG000)[Arctic Slope Technical Services, Inc.]; 'Space Assigned Numbers Authority'; 'CCSDS Engineering Steering Group - CESG Exec'
Subject: RE: [Secretariat] [CESG] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

 

Hi Tom and All,

 

I’m not sure I fully understand the issue relating to using ISO terms nor am I familiar with the Security Glossary. Here are a few questions I would expect ISO to ask.

 

Is the intention to align terms in CCSDS documents with ISO terms and define them identically or is there another rationale for this reuse?

 

How many terms will be reproduced at this time?

 

From which ISO standards do these terms come?

 

Will additional terms be reproduced in future documents?

 

How does CCSDS plan to attribute the origin of the terms in question?

 

The glossary itself answers most of these questions, so having a copy I can share with the ISO would be very helpful. Generally ISO allows extracts of standards in other publications with citation and cognizance of the user’s license for the ISO publication. CCSDS does not have a license for any ISO standards which may be a wrinkle.

 

Best regards,

 

Michael Blackwood

CCSDS Secretariat

W: 301-837-3901 | michael.blackwood at asrcfederal.com

7515 Mission Drive, Seabrook, MD 20706

ASRC Federal | Customer-Focused. Operationally Excellent.

 

 

From: Secretariat [mailto:secretariat-bounces at mailman.ccsds.org] On Behalf Of Thomas Gannett
Sent: Monday, February 3, 2020 3:32 PM
To: 'Shames, Peter M (US 312B)' <peter.m.shames at jpl.nasa.gov>; 'Weiss, Howard' <Howard.Weiss at parsons.com>; 'Barkley, Erik J (US 3970)' <erik.j.barkley at jpl.nasa.gov>; Wilmot, Jonathan <jonathan.j.wilmot at nasa.gov>
Cc: Blackwood, Michael D. (HQ-CG000)[Arctic Slope Technical Services, Inc.] <michael.d.blackwood at nasa.gov>; 'Space Assigned Numbers Authority' <info at sanaregistry.org>; 'CCSDS Engineering Steering Group - CESG Exec' <cesg at mailman.ccsds.org>
Subject: Re: [Secretariat] [CESG] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

 


Howie:

 

The way we currently view things is that terms in the glossary are derived, along with their normative force, if any, from published CCSDS documents. So you could reference the SANA glossary, because the SANA glossary references the normative source document, but it would seem to me to be more precise simply to reference the document.

 

The peculiar wrinkle in this case is that, so far, we don’t actually have permission from ISO to go far beyond fair use in borrowing terms wholesale from copyrighted ISO documents.

 

I personally would like to see such permission in writing before releasing the document on the CCSDS site.  The situation could actually arise in which we are unable to release the document publicly—or we release it and are then asked to take it down.  If that were to happen, the terms would nevertheless have found their way into the SANA glossary, making it the only viable reference (provided ISO doesn’t know about it).

 

I’m not trying to give everyone heartburn so much as to remind Michael he’s supposed to see about getting ISO permission.

 

Tom

 

 

Logothete, L.L.C.

thomas.gannett at tgannett.net

+1 443 472 0805

 

From: Secretariat [mailto:secretariat-bounces at mailman.ccsds.org] On Behalf Of Shames, Peter M (US 312B) via Secretariat
Sent: Monday, February 03, 2020 2:46 PM
To: Weiss, Howard; Barkley, Erik J (US 3970); Jonathan Wilmot
Cc: CCSDS Secretariat; Space Assigned Numbers Authority; CCSDS Engineering Steering Group - CESG Exec
Subject: Re: [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

 

I would say that's a "qualified yes".  The normative documents in CCSDS are Blue and Magenta, and so the documents are authoritative.  The Glossary only contains terms that are published in CCSDS documents and it includes the references to those source documents.

 

The "qualified" part is that there are terms in the Glossary that were pulled in from Green Books.  As such these are not normative.  So as long as you stick with terms from normative documents I think you are on safe ground.

 

Thanks, Peter

 

 

From: Howie Weiss <Howard.Weiss at parsons.com>
Date: Monday, February 3, 2020 at 11:28 AM
To: Peter Shames <peter.m.shames at jpl.nasa.gov>, Erik Barkley <erik.j.barkley at jpl.nasa.gov>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org>, Space Assigned Numbers Authority <info at sanaregistry.org>, CCSDS Secretariat <secretariat at mailman.ccsds.org>
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

 

Peter

 

Question - in its current state, can a CCSDS document use the SANA glossary as a normative reference?  

 

howie

 

 

  _____  

HOWARD WEISS, CISSP

7110 Samuel Morse Drive
Columbia, MD 21046
443-430-8089 (office) / 443-494-9087 (cell) 
howard.weiss at parsons.com
www.parsons.com


  _____  

From: Shames, Peter M (US 312B) <peter.m.shames at jpl.nasa.gov>
Sent: Monday, February 3, 2020 1:15 PM
To: Barkley, Erik J (US 3970); Weiss, Howard; Jonathan Wilmot
Cc: CCSDS Engineering Steering Group - CESG Exec; Space Assigned Numbers Authority; CCSDS Secretariat
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary 

 

Guys,

 

Once this document is approved those terms will be entered into / updated in the SANA Terminology registry.

 

That is the process and has been for years.

 

Thanks, Peter

 

 

From: Erik Barkley <erik.j.barkley at jpl.nasa.gov>
Date: Monday, February 3, 2020 at 10:07 AM
To: Howie Weiss <Howard.Weiss at parsons.com>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: Peter Shames <peter.m.shames at jpl.nasa.gov>
Subject: RE: CESG Approval of Revised Information Security Glossary

 

Howie,

 

Glad to hear you agree with getting the terms into SANA. With regard to getting “it” into SANA (existing glossary and/or security terms glossary – “it” was not quite clear to me but I assume security terms) I think that is something best initiated under the cognizance of the SE Area.  I’ll be happy to “second” any motion if need be, but I think the origin for any such request has to be with the SE Area. I am copying Peter on this email.

 

Best regards,

-Erik 

 

From: Weiss, Howard <Howard.Weiss at parsons.com> 
Sent: Friday, January 31, 2020 10:25
To: Jonathan Wilmot <Jonathan.J.Wilmot at NASA.gov>; Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Subject: [EXTERNAL] FW: CESG Approval of Revised Information Security Glossary

 

Erik and Jonathan

 

I just saw your comments regarding the Information Security Glossary and I couldn’t agree with you more.  

 

It has always been our plan that the glossary move into SANA.  Others have voiced the same opinion.  However, there has been no movement.  I’ve heard that the existing glossary found on the SANA web site required the first attention since it’s not been reviewed or revised.  Maybe you guys can initiate some movement to get it into SANA?

 

Regards

 

howie

 

----------

 

HOWARD WEISS, CISSP

 

PARSONS, Inc.

7110 Samuel Morse Dr, Suite 200

Columbia, MD 21046

howard.weiss at parsons.com

443-430-8089 (office) / 443-494-9087 (mobile)

 


 

From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> On Behalf Of Weiss, Howard
Sent: Friday, January 31, 2020 1:19 PM
To: 'sea-sec at mailman.ccsds.org' <sea-sec at mailman.ccsds.org>
Subject: [EXTERNAL] [Sea-sec] CESG Approval of Revised Information Security Glossary

 

FYI - The CESG has approved the revised Information Security Glossary:

 

* * * * * * * * * * * * * * * * * * * * * * * * 

CESG E-Poll Identifier:  CESG-P-2019-12-004

Approval to publish CCSDS 350.8-M-2, Information Security Glossary of Terms (Magenta Book, Issue 2)

Results of CESG poll beginning 31 December 2019 and ending 29 January 2020:

 

               Abstain:  0 (0%) 

Approve Unconditionally:  6 (100%) (Barkley, Merri, Shames, Burleigh, Moury, Wilmot) 

Approve with Conditions:  0 (0%) 

Disapprove with Comment:  0 (0%)

 

CONDITIONS/COMMENTS:

 

     Erik Barkley (Approve Unconditionally):  A comment/question (not a condition):  Seems like it would make sense to have this in SANA rather than a book -- has that been considered? In terms of normative application the MB could still be normative in identifying SANA registry and the update/governance policy.

 

     Jonathan Wilmot (Approve Unconditionally):  I agree with Erik that glossaries would be better in SANA as they are living documents that will change over time.  Example: where would terms from BPsec be placed?

 

 

Total Respondents:  6

 

All Areas responded to this question.

 

SECRETARIAT INTERPRETATION OF RESULTS:  Approved Unconditionally

PROPOSED SECRETARIAT ACTION:            Generate CMC poll

 

 

----------

 

HOWARD WEISS, CISSP

 

PARSONS, Inc.

7110 Samuel Morse Dr, Suite 200

Columbia, MD 21046

howard.weiss at parsons.com

443-430-8089 (office) / 443-494-9087 (mobile)

 


 

 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 350x8m12_CESG_Approval.pdf
Type: application/pdf
Size: 131865 bytes
Desc: not available
URL: <http://mailman.ccsds.org/pipermail/cesg/attachments/20200204/9430de0d/attachment-0001.pdf>

