[Moims-dai] FW: Conditions on CCSDS 652.1

david at giaretta.org david at giaretta.org
Tue Jul 27 10:17:14 UTC 2021 

Something to add to the  agenda today.

 

You may remember that we are concerned that finalising documents in CCSDS
would mean that if we get ISO comments that require changes then we would
have inconsistent CCSDS and ISO versions, which we certainly would not want,
so we would have to go through CCSDS again with Pink pages etc. to make the
two versions consistent. But I think there is no real risk with ISO 16919.

 

Anyway, we should resolve these issues. 

 

To make a start I've put some thoughts below.

 

..David

 

From: Mario.Merri at esa.int <Mario.Merri at esa.int> 
Sent: 27 July 2021 09:23
To: david at giaretta.org; garrett at his.com
Cc: Duhaze Marc <Marc.Duhaze at cnes.fr>
Subject: Conditions on CCSDS 652.1

 

Dear both, 

I recall that you have CESG conditions to resolve on CCSDS 652.1-P-2.1,
Requirements for Bodies Providing Audit and Certification of Candidate
Trustworthy Digital Repositories: 

Ignacio Aguilar Sanchez (Approve with Conditions):   
The following paragraph includes the word 'security' at the end. "B4
CONSEQUENCES OF NOT APPLYING SECURITY TO THE TECHNOLOGY If adequate steps
are not taken to 
address security issues then the information held by the  repository may be
put at risk, in particular risking confidentiality and security." 

That word should be replaced by either 'integrity' or 'authenticity', which
is like 'confidentiality', a specific security feature to be highlighted. 

 

This is ISO 16919.

The current text is:

B4          CONSEQUENCES OF NOT APPLYING SECURITY TO THE TECHNOLOGY

If adequate steps are not taken to address security issues then the
information held by the repository may be put at risk, in particular risking
confidentiality and security.

 

I think it would be useful to ADD "integrity" i.e. "risking confidentiality,
integrity and security" but I think confidentiality is different from
integrity in that if someone deleted a file then the collection's integrity
is destroyed but if one just takes a copy of a file with names and addresses
then confidentiality is destroyed.



Jonathan Wilmot (Approve Unconditionally):   
Reference format is not consistent. It is listed as reference [1]  " ISO
16363" . another time it's "CCSDS 652.0-M-1/ISO 16363" , and other times
it's just reference [1 ] 

Please move your document through the process. 

Also, in your report to MOIMS the title is wrong as it reads "Guidelines
..." and not "Requirements ...". Please make sure that next time you make it
consistent. 

Best regards, 

__Mario 

 

We should make the references consistent, and be consistent in using the
name.






 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.ccsds.org/pipermail/moims-dai/attachments/20210727/41c74976/attachment.htm>

More information about the MOIMS-DAI mailing list