Difference between revisions of "October 30, 2018 Security Conference Call"
(→Agenda) |
|||
(10 intermediate revisions by 3 users not shown) | |||
Line 44: | Line 44: | ||
#''(2 min)'' '''Roll Call, Agenda Approval''' | #''(2 min)'' '''Roll Call, Agenda Approval''' | ||
#''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_23,_2018_Security_Conference_Call Review and Approval of Minutes October 23, 2018] | #''(2 min)'' '''[http://wiki.hl7.org/index.php?title=October_23,_2018_Security_Conference_Call Review and Approval of Minutes October 23, 2018] | ||
− | #''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY% | + | #''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20181030.xlsm Review last block of TF4FA Vol 1 and 2 Ballot comments: 147 - 161 from TF4FA Recon call]''' Final vote on the last of the dispositions is scheduled for 10/30. |
− | #''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit]''' - Mike | + | #''(2 min)'' '''[http://wiki.hl7.org/index.php?title=PASS_Healthcare_Audit_Services Update on revision of PASS Audit]''' - Mike |
#''(2 min)'' '''[http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1004 TF4FA Trust Framework, Volume 3 NIB Submission]''' - Mike | #''(2 min)'' '''[http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1004 TF4FA Trust Framework, Volume 3 NIB Submission]''' - Mike | ||
− | #''(5 min)'' '''3 Reaffirmation NIBs [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1016 HCS], [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1017 SLS], [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1015 SPO] | + | #''(5 min)'' '''[http://www.hl7.org/special/Committees/projman/searchableProjectIndex.cfm?action=edit&ProjectNumber=1440DS4 DS4P Project page] and [https://gforge.hl7.org/gf/project/security/docman/HL7%20DS4P%20Ballot/DS4P%20Reaffirm.pdf DS4P Reaffirmation NIB]''' - Security WG as cosponsor needs to vote to approve. |
− | #''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/Nov%202018%20Harmonization/CUI%20Security%20Label%20Harmonization%20Proposal CUI Security Label Harmonization Proposal - More than you ever want to know]- Kathleen | + | #''(5 min)'' '''3 Reaffirmation NIBs [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1016 HCS], [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1017 SLS], [http://www.hl7.org/special/committees/tsc/ballotmanagement/DisplayNIB.cfm?ballot_document_sdo_id=1015 SPO] submitted this weekend''' - Kathleen |
+ | #''(15 min)'' '''[https://gforge.hl7.org/gf/project/security/docman/Harmonization/Nov%202018%20Harmonization/CUI%20Security%20Label%20Harmonization%20Proposal.pptx CUI Security Label Harmonization Proposal - More than you ever want to know]- Kathleen | ||
#''(10 min)'' '''FHIR Security Update on [https://gforge.hl7.org/gf/project/security/docman/FHIR%20Security/JSON%20Security%20Labels/XSAP%202%20JSON%20FHIR%20Security.docx XSAP 2.0 JSON FHIR Security Labels]''' and other happenings - John | #''(10 min)'' '''FHIR Security Update on [https://gforge.hl7.org/gf/project/security/docman/FHIR%20Security/JSON%20Security%20Labels/XSAP%202%20JSON%20FHIR%20Security.docx XSAP 2.0 JSON FHIR Security Labels]''' and other happenings - John | ||
#* FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - Care Plan scenario | #* FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - Care Plan scenario | ||
#''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex | #''(5 min)'' '''GDPR whitepaper on FHIR''' Update - Alex | ||
− | |||
==Meeting Materials== | ==Meeting Materials== | ||
Line 73: | Line 73: | ||
==Meeting Minutes DRAFT== | ==Meeting Minutes DRAFT== | ||
− | Chair, | + | Chair, Chris Shawn |
+ | |||
+ | Approval of Meeting Minutes (Kathleen/Suzanne) | ||
+ | * Abstain: none; Oppose: none; Approve: 8 (Suzanne to confirm) | ||
+ | |||
+ | |||
+ | '''Review of TF4FA Ballot ''' | ||
+ | * [https://gforge.hl7.org/gf/project/security/docman/HL7%20Security%20SOA/TF4FA%20(formerly%20PSAF)/TF4FA%20-%20Ballot%20Reconciliation%20May%202018%20ballot/ballotcomments_V3_PSAF_R1_N1_2018MAY%20amalgamated_20181030.xlsm Review last block of TF4FA Vol 1 and 2 Ballot comments: 147 - 161 from TF4FA Recon call] | ||
+ | Block Vote Approval of (above listed): (Kathleen/Suzanne) | ||
+ | Above, Including Comment Resolutions #26, #66, #105 | ||
+ | |||
+ | Objections: none; Abstentions: none; Approval: 8 (Suzanne to confirm) | ||
+ | Point of Question - When do we ask for voter retraction of the ballot negative; do we have to complete the updated document | ||
+ | * upload the reconciliation spreadsheet (under co-chair abilities on HL7.org page) | ||
+ | * Suzanne or Kathleen will upload ballot reconciliation sheet and notify negative voters requesting withdrawal of negative vote | ||
+ | |||
+ | |||
+ | '''PASS Audit''' | ||
+ | Ballot reconciliation completed, have been placing comments into the document. We will need to provide the Security WG chairs with the spreadsheet for negative voters to withdraw their vote | ||
+ | |||
+ | |||
+ | '''DS4P''' | ||
+ | * NIB submitted; move the discussion forward so that Johnathan can speak to DS4P reaffirmation | ||
+ | * Normative standard going through reaffirmation (potentially) | ||
+ | ** HL7 has tightened its timelines ; within CBCP we have voted affirmative to move forward with this standards--because we did not meet following WGM; we appealed to the TSC which was approved | ||
+ | ** along with that the PSS and additional administrative is going through Clinical SD for approval 10-day eVote period | ||
+ | ** NIB submitted today | ||
+ | on behalf of CBCP WG, Security as the co-sponsor of WG is that we vote for the affirmation today (just in case) vote is needed | ||
+ | |||
+ | MOTION to vote on reaffirmation on DS4P (Johnathan / Suzanne) | ||
+ | *VOTE: objections: none; Abstentions: none; Approval: | ||
+ | |||
+ | |||
+ | NIB submitted for HL7 TF4FA; | ||
+ | * Voted to agree to change TF4FA to '' '''Trust Framework for Security and Privacy'' ''' - may change name after ballot (Volume 3 with Provenance in the name (changing the names of the other documents when a PSS is updated) | ||
+ | |||
+ | NIBs submitted for HCS, SLS, SPO also submitted this weekend; for January 2018 ballot cycle | ||
+ | |||
+ | |||
+ | Review of CUI Security Label Harmonization Proposal <<link to PPT>> | ||
+ | * missed on the privacy CUI portions for the proposal | ||
+ | * Discussion and updates made to the PPT | ||
+ | ** also missing dissemination CUI? | ||
+ | |||
+ | |||
+ | Meeting adjourned 1:04 Arizona Time --[[User:Suzannegw|Suzannegw]] ([[User talk:Suzannegw|talk]]) 16:05, 30 October 2018 (EDT) | ||
+ | [[Security|Back to Security Main Page]] |
Latest revision as of 19:58, 6 November 2018
Attendees
x | Member Name | x | Member Name | x | Member Name | x | Member Name | |||
---|---|---|---|---|---|---|---|---|---|---|
x | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | x | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
x | Christopher Shawn Security Co-chair | x | Suzanne Gonzales-Webb | x | Mike Davis | . | David Staggs | |||
x | Diana Proud-Madruga | . | Johnathan Coleman | . | Francisco Jauregui | . | Joe Lamy | |||
. | Theresa Ardal Connor | . | Greg Linden | . | Grahame Grieve | . | Dave Silver | |||
. | Beth Pumo | x | Jim Kretz | . | Peter Bachman | . | Bo Dagnall |
Agenda
- (2 min) Roll Call, Agenda Approval
- (2 min) Review and Approval of Minutes October 23, 2018
- (15 min) Review last block of TF4FA Vol 1 and 2 Ballot comments: 147 - 161 from TF4FA Recon call Final vote on the last of the dispositions is scheduled for 10/30.
- (2 min) Update on revision of PASS Audit - Mike
- (2 min) TF4FA Trust Framework, Volume 3 NIB Submission - Mike
- (5 min) DS4P Project page and DS4P Reaffirmation NIB - Security WG as cosponsor needs to vote to approve.
- (5 min) 3 Reaffirmation NIBs HCS, SLS, SPO submitted this weekend - Kathleen
- (15 min) CUI Security Label Harmonization Proposal - More than you ever want to know- Kathleen
- (10 min) FHIR Security Update on XSAP 2.0 JSON FHIR Security Labels and other happenings - John
- FHIR-Security call will be alternating between core FHIR Security topics, and work on FHIR Connectathon - Care Plan scenario
- (5 min) GDPR whitepaper on FHIR Update - Alex
Meeting Materials
- CUI Rule 32 CFR Part 2002
- SP 800-171A
- CUI Marking Handbook
- CUI Health Information Category
- CUI Registry: Limited Dissemination Controls
- CUI Policy and Guidance
- CUI Glossary
- CUI Updated Training Videos
Introduction to Marking CUI (updated August 6, 2018) Introduction to Marking CUI (updated August 6, 2018) This video provides an overview of how to mark documents, emails, presentations, systems, and other files that contain CUI. It specifically addresses the designation indicator and the CUI banner marking, including the CUI control marking, CUI category markings, and Limited Dissemination Control Markings. It also discusses portion marking, the use of cover sheets, marking multi-page documents, and decontrolling CUI. NIST CUI Security Requirements Workshop 10/18/18 Everything you ever wanted to know about CUI
- CUI Security Requirements Workshop Agenda
- Workshop Video
- Controlled Unclassified Information: Unauthorized Disclosure: Prevention and Reporting
Meeting Minutes DRAFT
Chair, Chris Shawn
Approval of Meeting Minutes (Kathleen/Suzanne)
- Abstain: none; Oppose: none; Approve: 8 (Suzanne to confirm)
Review of TF4FA Ballot
Block Vote Approval of (above listed): (Kathleen/Suzanne) Above, Including Comment Resolutions #26, #66, #105
Objections: none; Abstentions: none; Approval: 8 (Suzanne to confirm) Point of Question - When do we ask for voter retraction of the ballot negative; do we have to complete the updated document
- upload the reconciliation spreadsheet (under co-chair abilities on HL7.org page)
- Suzanne or Kathleen will upload ballot reconciliation sheet and notify negative voters requesting withdrawal of negative vote
PASS Audit
Ballot reconciliation completed, have been placing comments into the document. We will need to provide the Security WG chairs with the spreadsheet for negative voters to withdraw their vote
DS4P
- NIB submitted; move the discussion forward so that Johnathan can speak to DS4P reaffirmation
- Normative standard going through reaffirmation (potentially)
- HL7 has tightened its timelines ; within CBCP we have voted affirmative to move forward with this standards--because we did not meet following WGM; we appealed to the TSC which was approved
- along with that the PSS and additional administrative is going through Clinical SD for approval 10-day eVote period
- NIB submitted today
on behalf of CBCP WG, Security as the co-sponsor of WG is that we vote for the affirmation today (just in case) vote is needed
MOTION to vote on reaffirmation on DS4P (Johnathan / Suzanne)
- VOTE: objections: none; Abstentions: none; Approval:
NIB submitted for HL7 TF4FA;
- Voted to agree to change TF4FA to Trust Framework for Security and Privacy - may change name after ballot (Volume 3 with Provenance in the name (changing the names of the other documents when a PSS is updated)
NIBs submitted for HCS, SLS, SPO also submitted this weekend; for January 2018 ballot cycle
Review of CUI Security Label Harmonization Proposal <<link to PPT>>
- missed on the privacy CUI portions for the proposal
- Discussion and updates made to the PPT
- also missing dissemination CUI?
Meeting adjourned 1:04 Arizona Time --Suzannegw (talk) 16:05, 30 October 2018 (EDT)
Back to Security Main Page