This is a placeholder for Trust Framework corresponding commentary, including "parking lot" items for review potentially as part of commentary.
Parking Lot:
Example from DoD: the following was circulated a few minutes ago on an IDESG/NSTIC list, illustrating the DoD order of precedence as it relates to legal and technical standards-based rules:
From: [email protected]
Sent: Thursday, February 13, 2014 10:20 AM
To: Tilton, Cathy; [email protected]
Subject: Re: [Standards_sc] Agenda for the 13 February SCC meeting
Good morning Cathy!
I tried dialing in but the teleconference is probably cancelled due to the snow today ... if not, please send me an email right away. Thanks!
Regarding today's topic, here is what DoD has adopted in our IT Standards Policy regarding standards selection:
"The IT Program strategy is to use accredited open standards from authoritative sources in accordance with DoD policy and preferences. The DoD prefers that its requirements are satisfied within open consensus-based public and private sector standards currently available or under development. Being available from a reputable and authoritative source means that the responsible SDO/SSO must have an established position within the relevant technical, professional, and marketplace communities as an objective authority in its sphere of activity. This also implies that the standards developed by the organization are widely accepted and have been successfully implemented in the marketplace. The “open” requirement for IT standards is not simply a desired characteristic – it is based in practical legal and cost considerations. Standards must be publicly available and free from patents, copyrights, intellectual property right constraints, and be royalty free."
We have a table that lists order of precedence:
"a. Selection of IT Standards
(1) IT standards will be considered for adoption using the priority order identified in the Table.

Table. DoD Standards Consideration Priorities

Priority | Source                                                               | Example
-------- | -------------------------------------------------------------------- | -------
1        | Federal Regulation or Law                                            | US Code, OMB Circular
2        | Internationally Accredited and Treaty Based                          | International Standards Organization (ISO), International Electrotechnical Commission (IEC), United Nations/Economic Commission for Europe (UN/ECE), International Telecommunication Union (ITU), International Standardization Agreement
3        | National                                                             | American National Standards Institute (ANSI)
4        | Professional Society, Technology Consortia, Industry Association     | Institute of Electrical and Electronics Engineers, Internet Engineering Task Force (IETF), World Wide Web Consortium (W3C), Organization for the Advancement of Structured Information Standards (OASIS), Object Management Group
5        | Federal                                                              | Federal Information Processing Standard
6        | Military                                                             | MIL-STD, standardization agreement
(2) These attributes and characteristics as defined in the SOP will be considered by the JESC when selecting standards for inclusion in the DISR.
(a) Utility: Primary features and functions of this standard meet DoD requirements.
(b) Interoperability: Standard meets requirements to connect, access, and share applications and services.
(c) Technical Maturity: Standard is established, stable, and has well-established marketplace support.
(d) Implementability: Standard is used in applications within the federal or private sector.
(e) Security: Standard that does not introduce unacceptable information risks to the environment. Security is a condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems.
(f) Applicability: Standard is relevant and meets the needs of programs to include potential risks, impacts on cost, schedule, performance, and security.
(g) Intellectual Property Rights: Standard is publicly available and is not subjected to intellectual property rights claims such as patents, royalties, or overly burdensome copyright provisions.
(h) Public Availability: Standard is publicly accessible for unrestricted use."
R,
Jerry
Consider including a section with tutorial and sample scenarios demonstrating how to apply the provisions and rules in common, key or irregular situations.
Potentially include business workflow and process application examples, legal addenda or amendments to harmonize terms and technical updates or migration guidance to interoperate.