[CESG] [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Shames, Peter M (US 312B) peter.m.shames at jpl.nasa.gov
Wed Feb 5 16:50:44 UTC 2020


Thanks Margherita,
I do want to point out that there are many places, besides Security, where we use ISO definitions. One of the most commonly cited references when talking of protocols is ISO/IEC 7498, otherwise known as the "Open Systems Interconnection - Basic Reference Model (BRM)". Most of SLS, a lot of SIS, and SEA all reference this seven-layer model. In fact, I think CSS, MOIMS, and SOIS do as well. A lot of the terminology that we use, relating to protocols, layers, interfaces, PDU, SDU, etc., is sourced directly from the ISO BRM. There are other ISO standards that are not as widely used, but which have been referenced, and the definitions used, either directly or with adaptations, in CCSDS standards.

To my knowledge this has never come up as an issue before. We have always believed that this fell in the context of "fair use". See https://en.wikipedia.org/wiki/Fair_use for an exact description. This is, as far as I can tell, US (and UK) practice, but it may not be the same in other countries. I think our use of these definitions does fall within the context defined here, even if there are a large number of definitions used, as long as the source is cited.

My opinion, and I am no lawyer.

Regards, Peter


From: "Margherita.di.Giulio at esa.int" <Margherita.di.Giulio at esa.int>
Date: Wednesday, February 5, 2020 at 8:06 AM
To: Tom Gannett <thomas.gannett at tgannett.net>
Cc: CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org>, 'CESG' <cesg-bounces at mailman.ccsds.org>, Gian Paolo Calzolari <Gian.Paolo.Calzolari at esa.int>, Howie Weiss <Howard.Weiss at parsons.com>, 'Space Assigned Numbers Authority' <info at sanaregistry.org>, Peter Shames <peter.m.shames at jpl.nasa.gov>
Subject: Re: [CESG] [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary

Dear Tom and All,
I will put one item in the Agenda of the CESG Telecon - and also of future CCSDS sessions - to recap the discussion about the SANA Glossary, and its relation with the Glossaries of the CCSDS books.
Namely:
- current situation of the SANA Glossary, where terms are derived from normative as well as informative sources
- Evolution of the SANA Glossary, having either of the following targets in mind:
  o to clearly identify/distinguish between normative vs. informative terms (depending if e.g. they come from blue or from green books), or
  o to only leave normative terms in, thus aiming at fully normative role of the Glossary
  o other proposals, next steps and roadmap
- Terms and definitions replicated from copyrighted ISO publications (issue is mainly with the Security Glossary) for which CCSDS does not (yet) have ISO permission

Kind regards,
Margherita

--------------------------------------------------------------
Margherita di Giulio
Ground Station Systems Division
Backend Software Section (OPS-GSB)


European Space Agency ESA/ESOC
Robert-Bosch-Str. 5
D-64293 Darmstadt - Germany
Tel: +49-6151-902779
e-mail: Margherita.di.Giulio at esa.int





From:        "Thomas Gannett" <thomas.gannett at tgannett.net>
To:        <Gian.Paolo.Calzolari at esa.int>, "'Shames, Peter M\(US 312B\)'" <peter.m.shames at jpl.nasa.gov>
Cc:        "'CCSDS Engineering Steering Group - CESG Exec'" <cesg at mailman.ccsds.org>, "'Space Assigned Numbers Authority'" <info at sanaregistry.org>, "'CESG'" <cesg-bounces at mailman.ccsds.org>, "'Weiss, Howard'" <Howard.Weiss at parsons.com>
Date:        04/02/2020 18:55
Subject:        Re: [CESG] [Secretariat] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary
Sent by:        "CESG" <cesg-bounces at mailman.ccsds.org>
________________________________


I think perhaps the term “normative” needs to be defined in the SANA Glossary: Even though the SANA Glossary contains terms derived from normative as well as informative sources, the purpose of having the glossary is to normalize the terms within the CCSDS. The Glossary is in fact intended to be “normative” for the CCSDS regardless of the source of the terms: we do adjure all document developers that they should consult it, preferentially use terms defined in it, not arbitrarily redefine terms that already exist in it, etc.



Unfortunately, the SANA Glossary is also in a draft state, so discussions of its normative force are academic at the present time.





Logothete, L.L.C.

thomas.gannett at tgannett.net

+1 443 472 0805



From: Secretariat [mailto:secretariat-bounces at mailman.ccsds.org] On Behalf Of Gian.Paolo.Calzolari at esa.int
Sent: Tuesday, February 04, 2020 5:56 AM
To: Shames, Peter M(US 312B)
Cc: Weiss, Howard; CCSDS Engineering Steering Group - CESG Exec; Space Assigned Numbers Authority; CESG
Subject: Re: [Secretariat] [CESG] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary



There is an additional case: terms defined in an informative annex of a Blue Book.   :o)

Regards

Gian Paolo



From:        "Shames, Peter M\(US 312B\) via CESG" <cesg at mailman.ccsds.org>
To:        "Weiss, Howard" <Howard.Weiss at parsons.com>, "Barkley, Erik J (US 3970)" <erik.j.barkley at jpl.nasa.gov>, "Jonathan Wilmot" <Jonathan.J.Wilmot at NASA.gov>
Cc:        "Space Assigned Numbers Authority" <info at sanaregistry.org>, "CCSDS Engineering Steering Group - CESG Exec" <cesg at mailman.ccsds.org>
Date:        03-02-20 20:45
Subject:        Re: [CESG] [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary
Sent by:        "CESG" <cesg-bounces at mailman.ccsds.org>

________________________________



I would say that's a "qualified yes".  The normative documents in CCSDS are Blue and Magenta, and so the documents are authoritative.  The Glossary only contains terms that are published in CCSDS documents and it includes the references to those source documents.



The "qualified" part is that there are terms in the Glossary that were pulled in from Green Books.  As such these are not normative.  So as long as you stick with terms from normative documents I think you are on safe ground.



Thanks, Peter





From: Howie Weiss <Howard.Weiss at parsons.com>
Date: Monday, February 3, 2020 at 11:28 AM
To: Peter Shames <peter.m.shames at jpl.nasa.gov>, Erik Barkley <erik.j.barkley at jpl.nasa.gov>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: CCSDS Engineering Steering Group - CESG Exec <cesg at mailman.ccsds.org>, Space Assigned Numbers Authority <info at sanaregistry.org>, CCSDS Secretariat <secretariat at mailman.ccsds.org>
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary



Peter

Question - in its current state, can a CCSDS document use the SANA glossary as a normative reference?

howie




________________________________

HOWARD WEISS, CISSP

7110 Samuel Morse Drive
Columbia, MD 21046
443-430-8089 (office) / 443-494-9087 (cell)
howard.weiss at parsons.com
www.parsons.com


________________________________

From: Shames, Peter M (US 312B) <peter.m.shames at jpl.nasa.gov>
Sent: Monday, February 3, 2020 1:15 PM
To: Barkley, Erik J (US 3970); Weiss, Howard; Jonathan Wilmot
Cc: CCSDS Engineering Steering Group - CESG Exec; Space Assigned Numbers Authority; CCSDS Secretariat
Subject: [EXTERNAL] Re: CESG Approval of Revised Information Security Glossary



Guys,



Once this document is approved those terms will be entered into / updated in the SANA Terminology registry.



That is the process and has been for years.



Thanks, Peter





From: Erik Barkley <erik.j.barkley at jpl.nasa.gov>
Date: Monday, February 3, 2020 at 10:07 AM
To: Howie Weiss <Howard.Weiss at parsons.com>, "Wilmot, Jonathan J. (GSFC-5820)" <Jonathan.J.Wilmot at NASA.gov>
Cc: Peter Shames <peter.m.shames at jpl.nasa.gov>
Subject: RE: CESG Approval of Revised Information Security Glossary



Howie,



Glad to hear you agree with getting the terms into SANA. With regard to getting “it” into SANA (existing glossary and/or security terms glossary – “it” was not quite clear to me but I assume security terms) I think that is something best initiated under the cognizance of the SE Area.  I’ll be happy to “second” any motion if need be, but I think the origin for any such request has to be with the SE Area. I am copying Peter on this email.



Best regards,

-Erik



From: Weiss, Howard <Howard.Weiss at parsons.com>
Sent: Friday, January 31, 2020 10:25
To: Jonathan Wilmot <Jonathan.J.Wilmot at NASA.gov>; Barkley, Erik J (US 3970) <erik.j.barkley at jpl.nasa.gov>
Subject: [EXTERNAL] FW: CESG Approval of Revised Information Security Glossary



Erik and Jonathan



I just saw your comments regarding the Information Security Glossary and I couldn’t agree with you more.



It has always been our plan that the glossary move into SANA.  Others have voiced the same opinion.  However, there has been no movement.  I’ve heard that the existing glossary found on the SANA web site required the first attention since it's not been reviewed or revised.  Maybe you guys can initiate some movement to get it into SANA?



Regards



howie



----------



HOWARD WEISS, CISSP



PARSONS, Inc.

7110 Samuel Morse Dr, Suite 200

Columbia, MD 21046

howard.weiss at parsons.com

443-430-8089 (office) / 443-494-9087 (mobile)






From: SEA-SEC <sea-sec-bounces at mailman.ccsds.org> On Behalf Of Weiss, Howard
Sent: Friday, January 31, 2020 1:19 PM
To: 'sea-sec at mailman.ccsds.org' <sea-sec at mailman.ccsds.org>
Subject: [EXTERNAL] [Sea-sec] CESG Approval of Revised Information Security Glossary



FYI - The CESG has approved the revised Information Security Glossary:



* * * * * * * * * * * * * * * * * * * * * * * *

CESG E-Poll Identifier:  CESG-P-2019-12-004 Approval to publish CCSDS 350.8-M-2, Information Security Glossary of Terms (Magenta Book, Issue 2)
Results of CESG poll beginning 31 December 2019 and ending 29 January 2020:



               Abstain:  0 (0%)

Approve Unconditionally:  6 (100%) (Barkley, Merri, Shames, Burleigh, Moury, Wilmot)

Approve with Conditions:  0 (0%)

Disapprove with Comment:  0 (0%)



CONDITIONS/COMMENTS:



     Erik Barkley (Approve Unconditionally):  A comment/question (not a condition):  Seems like it would make sense to have this in SANA rather than a book -- has that been considered? In terms of normative application the MB could still be normative in identifying SANA registry and the update/governance policy.



     Jonathan Wilmot (Approve Unconditionally):  I agree with Erik that glossaries would be better in SANA as they are living documents that will change over time.  Example: where would terms from BPsec be placed?





Total Respondents:  6



All Areas responded to this question.



SECRETARIAT INTERPRETATION OF RESULTS:  Approved Unconditionally

PROPOSED SECRETARIAT ACTION:            Generate CMC poll





----------



HOWARD WEISS, CISSP



PARSONS, Inc.

7110 Samuel Morse Dr, Suite 200

Columbia, MD 21046

howard.weiss at parsons.com

443-430-8089 (office) / 443-494-9087 (mobile)








NOTICE: This email message and all attachments transmitted with it may contain privileged and confidential information, and information that is protected by, and proprietary to, Parsons Corporation, and is intended solely for the use of the addressee for the specific purpose set forth in this communication. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited, and you should delete this message and all copies and backups thereof. The recipient may not further distribute or use any of the information contained herein without the express written authorization of the sender. If you have received this message in error, or if you have any questions regarding the use of the proprietary information contained therein, please contact the sender of this message immediately, and the sender will provide you with further instructions._______________________________________________
CESG mailing list
CESG at mailman.ccsds.org
https://mailman.ccsds.org/cgi-bin/mailman/listinfo/cesg

This message is intended only for the recipient(s) named above. It may contain proprietary information and/or

protected content. Any unauthorised disclosure, use, retention or dissemination is prohibited. If you have received

this e-mail in error, please notify the sender immediately. ESA applies appropriate organisational measures to protect

personal data, in case of data privacy queries, please contact the ESA Data Protection Officer (dpo at esa.int).