[Moims-dai] FW: [Cesg-all] Results of CESG Polls closing 3 October 2024

david at giaretta.org
Mon Oct 7 14:23:15 UTC 2024


We should discuss these comments from CESG.

..David

-----Original Message-----
From: CESG-All <cesg-all-bounces at mailman.ccsds.org> On Behalf Of Thomas Gannett via CESG-All
Sent: 04 October 2024 19:20
To: cesg-all at mailman.ccsds.org
Subject: Re: [Cesg-all] Results of CESG Polls closing 3 October 2024

Correction: For CESG-P-2024-09-004, the results should read

CESG E-Poll Identifier:  CESG-P-2024-09-004 Approval to publish CCSDS 653.0-M-1, Information Preparation to Enable Long Term Use (Magenta Book, Issue 1)

Results of CESG poll beginning 19 September 2024 and ending 3 October 2024:

                 Abstain:  0 (0%)
 Approve Unconditionally:  2 (50%) (Fischer, Aguilar Sanchez)
 Approve with Conditions:  2 (50%) (Barkley, Shames)
 Disapprove with Comment:  0 (0%)

CONDITIONS/COMMENTS:

     Erik Barkley (Approve with Conditions):  1) (Essentially editorial):  
pg 1-1: For the sentence that reads "However, it is widely recognized that many such endeavours are not able, for one reason or another, to leave a sufficient legacy of information so others can reuse and fully leverage the effort that has gone into the endeavor.", suggest citing at least one and perhaps two concrete examples rather than the generic "for one reason or another".  Rationale: if there is a "well-recognized need" then it seems there should be well-recognized examples re "one reason or another" that this recommendation is addressing. 

     Peter Shames (Approve with Conditions):  Overall I like the document and think it conveys the concepts quite clearly.  There are a couple of terms (CRIS and GDPR) that are named, but never clearly defined nor tied to any specific source.  I am fairly certain that CRIS does not mean Construction Risk and Insurance Specialist nor Certified Release of Information Specialist.  The introduction of PMBOK and DMBOK is very useful, but it would be better just handled in Annex B and not scattered repetitively in the document.  Strongly recommend defining your terms clearly and moving on.  The choice of the term "Collection Groups" instead of something like "Process Groups" seems a little peculiar and bothersome.  They are, after all, "processes" and not "collections".  It may be a pain, but I would recommend re-thinking this choice of terms now.


Total Respondents:  4

No response was received from the following Area(s):

     SOIS
     SIS



SECRETARIAT INTERPRETATION OF RESULTS:  Approved with Conditions
PROPOSED SECRETARIAT ACTION:            Generate CMC poll after conditions have been addressed

* * * * * * * * * * * * * * * * * * * * * * * *


Logothete, L.L.C.
thomas.gannett at tgannett.net
+1 443 472 0805

-----Original Message-----
From: CCSDS Secretariat [mailto:thomas.gannett at tgannett.net]
Sent: Friday, October 04, 2024 3:16 PM
To: cesg-all at mailman.ccsds.org
Subject: Results of CESG Polls closing 3 October 2024

CESG E-Poll Identifier:  CESG-P-2024-09-001 Approval to publish CCSDS 650.0-M-3, Reference Model for an Open Archival Information System (OAIS) (Magenta Book, Issue 3)

Results of CESG poll beginning 19 September 2024 and ending 3 October 2024:

                 Abstain:  0 (0%)
 Approve Unconditionally:  2 (50%) (Fischer, Aguilar Sanchez)
 Approve with Conditions:  2 (50%) (Barkley, Shames)
 Disapprove with Comment:  0 (0%)

CONDITIONS/COMMENTS:

     Erik Barkley (Approve with Conditions):  1) Minor editorial suggestion: the general form re figure annotations of "Functions of the <xyz> Functional Entity" seems a little clunky. Why not just phrase it as "<xyz> Entity Functions"?

2) Pg 4-39 -- please identify the specific type of UML diagram -- It looks like a UML Class Diagram?  This will help the reader identify the semantics of the diagram. This also applies through the document -- perhaps just indicate somewhere in the introductory material that class diagrams are being used? (This could save some editing effort)

3) The security sections could be more to the point, and given that we are talking about securing archives which may (or likely will) contain key information to be preserved for a significant length of time, seems a bit lacking.  At a minimum suggest referencing NIST 800-209 and ISO/IEC 27040 for more detailed guidance on data storage security.  If it helps, I can also think of making sure this section addresses the following points:

    Regular Backups: Regularly backup critical data to ensure its availability in case of accidental deletion, hardware failure, or cyberattacks.
    Encryption: Implement encryption during both storage and transmission to protect data from unauthorized access.
    Access Controls: Set up robust access controls and authentication systems to ensure only authorized personnel can access the archived data.
    Multi-Factor Authentication (MFA): Enable MFA to add an extra layer of security.
    Secure Off-Site Storage: Use secure off-site storage solutions to protect data from physical threats.
    Regular Audits: Conduct regular audits and monitoring to detect and respond to any unauthorized access attempts.
    Anti-Malware and Firewalls: Use anti-malware software and firewalls to protect against cyber threats.
    Disaster Recovery Plan: Establish a disaster recovery plan to ensure data can be quickly restored in case of a major incident.

     Peter Shames (Approve with Conditions):  Vote 2) Request that the document adopt RASDS architecture documentation style in all diagrams.  The current set of diagrams is unclear and it is easy to confuse different kinds of rounded, clipped, burnished, objects.  Furthermore, the diagramming styles adopted are not even consistently used throughout the document.  Compare "information objects" shown in Figs 2-3 & 2-4 with those shown in sec 4.  This would bring this document into line with a number of other CCSDS documents, including the ASL which covers this same material at an overview level.
Vote 1) This is an issue that has been raised before and never satisfactorily resolved.  While there has clearly been some amount of attention paid to the diagrams used in this document they remain, to my eyes, inadequate, unclear, and inconsistent.  The use of nearly identical rounded, elongated, clipped corner objects to distinguish systems, functions, and organizations is unclear.  We now have a significant body of CCSDS documents that have successfully used RASDS to create diagrams that represent all of these same kinds of concepts (and more).  I can see no good reason, aside from the modest amount of time needed, for this document not to be brought in line with those conventions.  The results would be both alignment with the rest of these CCSDS documents, at least one of which references this same subject, and more importantly, increased clarity.  In addition, the document itself is internally inconsistent, since it uses at least three different drawing styles to represent "information".  Compare the "information objects" in figures 2-2, 2-3 (what are those brown things?), and the information objects modeled using UML in sec 4.3.1.  If more effort were put into consistent use of a standard representation, and less into creating "pillowy" shaded objects, the document would be much improved.


Total Respondents:  4

No response was received from the following Area(s):

     SOIS
     SIS



SECRETARIAT INTERPRETATION OF RESULTS:  Approved with Conditions
PROPOSED SECRETARIAT ACTION:            Generate CMC poll after conditions have been addressed

* * * * * * * * * * * * * * * * * * * * * * * *

CESG E-Poll Identifier:  CESG-P-2024-09-002 Approval to publish CCSDS 652.0-M-2, Audit and Certification of Trustworthy Digital Repositories (Magenta Book, Issue 2)

Results of CESG poll beginning 19 September 2024 and ending 3 October 2024:

                 Abstain:  0 (0%)
 Approve Unconditionally:  4 (100%) (Barkley, Fischer, Shames, Aguilar Sanchez)
 Approve with Conditions:  0 (0%)
 Disapprove with Comment:  0 (0%)

Total Respondents:  4

No response was received from the following Area(s):

     SOIS
     SIS



SECRETARIAT INTERPRETATION OF RESULTS:  Approved Unconditionally
PROPOSED SECRETARIAT ACTION:            Generate CMC poll

* * * * * * * * * * * * * * * * * * * * * * * *

CESG E-Poll Identifier:  CESG-P-2024-09-003 Approval to publish CCSDS 652.1-M-3, Requirements for Bodies Providing Audit and Certification of Candidate Trustworthy Digital Repositories (Magenta Book, Issue 3)

Results of CESG poll beginning 19 September 2024 and ending 3 October 2024:

                 Abstain:  0 (0%)
 Approve Unconditionally:  4 (100%) (Barkley, Fischer, Shames, Aguilar Sanchez)
 Approve with Conditions:  0 (0%)
 Disapprove with Comment:  0 (0%)

Total Respondents:  4

No response was received from the following Area(s):

     SOIS
     SIS



SECRETARIAT INTERPRETATION OF RESULTS:  Approved Unconditionally
PROPOSED SECRETARIAT ACTION:            Generate CMC poll

* * * * * * * * * * * * * * * * * * * * * * * *

CESG E-Poll Identifier:  CESG-P-2024-09-004 Approval to publish CCSDS 653.0-M-1, Information Preparation to Enable Long Term Use (Magenta Book, Issue 1)

Results of CESG poll beginning 19 September 2024 and ending 3 October 2024:

                 Abstain:  0 (0%)
 Approve Unconditionally:  1 (33.33%) (Fischer)
 Approve with Conditions:  2 (66.67%) (Barkley, Shames)
 Disapprove with Comment:  0 (0%)

CONDITIONS/COMMENTS:

     Erik Barkley (Approve with Conditions):  1) (Essentially editorial):  
pg 1-1: For the sentence that reads "However, it is widely recognized that many such endeavours are not able, for one reason or another, to leave a sufficient legacy of information so others can reuse and fully leverage the effort that has gone into the endeavor.", suggest citing at least one and perhaps two concrete examples rather than the generic "for one reason or another".  Rationale: if there is a "well-recognized need" then it seems there should be well-recognized examples re "one reason or another" that this recommendation is addressing. 

     Peter Shames (Approve with Conditions):  Overall I like the document and think it conveys the concepts quite clearly.  There are a couple of terms (CRIS and GDPR) that are named, but never clearly defined nor tied to any specific source.  I am fairly certain that CRIS does not mean Construction Risk and Insurance Specialist nor Certified Release of Information Specialist.  The introduction of PMBOK and DMBOK is very useful, but it would be better just handled in Annex B and not scattered repetitively in the document.  Strongly recommend defining your terms clearly and moving on.  The choice of the term "Collection Groups" instead of something like "Process Groups" seems a little peculiar and bothersome.  They are, after all, "processes" and not "collections".  It may be a pain, but I would recommend re-thinking this choice of terms now.


Total Respondents:  3

No response was received from the following Area(s):

     SOIS
     SLS
     SIS



SECRETARIAT INTERPRETATION OF RESULTS:  Approved with Conditions
PROPOSED SECRETARIAT ACTION:            Generate CMC poll after conditions have been addressed

* * * * * * * * * * * * * * * * * * * * * * * *


