1995-09-29 - Call for IT Sec XX

Header Data

From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 7d893ea2ea62ad214e2607a672f4dd2c73fd6659ea443c10387c929be2ac9508
Message ID: <199509292240.XAA16987@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-09-29 22:40:21 UTC
Raw Date: Fri, 29 Sep 95 15:40:21 PDT

Raw message

From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 29 Sep 95 15:40:21 PDT
To: cypherpunks@toad.com
Subject: Call for IT Sec XX
Message-ID: <199509292240.XAA16987@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain



From: <http://www.xiwt.org/secpros1.htm>


                      Call for White Papers

     Information Technology Security Policy Setting Process

                          issued by the

                   Cross-Industry Working Team

                  Thursday, September 28, 1995


Introduction

The Cross-Industry Working Team (XIWT) is seeking inputs from 
U.S.
industry on ways to improve the process by which public policy 
on
information technology  systems security is developed. At the
invitation of the Information Infrastructure Task Force (IITF) 
of
the U.S. government, XIWT is soliciting ideas broadly from US
industry, in the form of White Papers that address this issue. 
XIWT
will, later this year, convene a workshop of industry experts 
to
organize the ideas and suggestions expressed in these White 
Papers
into a report for use by the IITF, and will prepare a report to 
be
made available to the public.

XIWT is a multi-industry coalition of organizations committed 
to
defining the architecture and key technical requirements for a
powerful and sustainable national information infrastructure 
(NII).
XIWT aims to foster the understanding, development and 
application
of technologies that cross industry boundaries; facilitate the
conversion of the NII vision into real-world implementations, 
and
facilitate a dialogue among representatives of stakeholders in 
the
private and public sector. Additional information about XIWT 
can be
found on the Internet at: http://www.xiwt.org/homepage.


Information Technology Systems Security

In the developing National Information Infrastructure (NII),
information technology will be deployed in a wide range of 
contexts
and systems including communications, computing, software 
systems,
and many different types of applications. The ability of this
technology, and the systems which employ it, to provide the
requisite levels of security and protection, are of concern to
almost everyone.

Issues of central concern include: physical protection of 
systems
and their contents, potential vulnerabilities at various points
within the networked environments of these systems, and the 
ability
to provide or even guarantee reliable and/or uninterruptable
service. The infrastructure for such capabilities will need to
include mechanisms for the protection of networks, computers 
and
other types of equipment as well as systems that employ these
elements, as well as methods for analysis, certification and
validation of technology and systems, and for facilitating the
setting of standards. It is likely that cryptographic 
capabilities
will need to be available throughout for possible use in 
protection
and authentication of information. Issues involving the 
management
of  these capabilities will need to be uncovered, discussed and
resolved where possible. At present, the federal government has 
no
formal process in place, in the Congress or in Executive Branch
agencies, which adequately involves the private sector in the
determination of public policy in this area.

Responsibilities for this broad area within the federal 
government
are widely diffused and do not necessarily insure that all the
relevant concerns of the private sector are taken into account.
Further, no single process is used by the various parts of the
federal government and a variety of policies, reflected in 
laws,
regulation and practice, usually result. A methodology is 
required
by which private sector interests can be adequately expressed 
and
factored into resulting policies. The purpose of this call for
white papers is to request written inputs from interested and
knowledgable parties on how the formal process to developing
information technology systems security policies may be 
improved,
and particularly on how private sector inputs can be most
effectively incorporated.

Specifically, industry is requested to identify those areas,
domains, and issues that are especially relevant for 
consideration,
and to recommend specific suggestions or approaches by which 
the
policy determination process in these areas may be improved. 
This
may entail, for example,  the establishment of one or more 
bodies
dedicated to this purpose, within or across domains; the 
creation
of a broad set of principles for the government or other bodies 
to
employ; the setting of national goals or other specific
recommendations for federal action.


Submissions

White papers are specifically solicited from U.S. industry; 
other
individuals who wish to contribute are welcome to do so.
Submissions may be made on paper or electronically by sending
electronic mail, document files, or via a form located on the 
XIWT
World Wide Web server (addresses below). Submissions made on 
behalf
of companies will be taken to represent the views of the firm;
these will be verified if it is not made clear in the 
submission
that the document represents a company position. Individual
submissions will not be verified if they do not claim to 
represent
company positions.

Submissions should be: 1) responsive to the primary goal of 
this
call, (focused specifically on process improvement and not the
presentation of  view on policy deficiencies or on desired
policies); 2) clear in terms of specific topics, areas or 
domains
of policy; 3) reasonably direct, brief and timely.

Any format may be used for the white paper, and it may be of 
any
length. However, submissions must include the following
information, on envelopes or headers to email and web messages, 
and
on the submission document, whatever its form:

1.   The name of individual making the submission;

2.   The name of firm on whose behalf the submission is made;

3.   The return address by which submission may be verified, if
     necessary.

XIWT will convene a one or two day  invitational workshop in 
the
Washington DC area in December, 1995, to review submissions and
organize the preparation of findings. Papers received by 
November
15, 1995, will be used in the workshop.  The report of this 
effort
is intended to be made available in February, 1996.

Submissions must be made to one of the following addresses:

Conventional Mail:

     Security Policy Process
     XIWT
     1895 Preston White Drive
     Suite 100
     Reston VA 22091-0913

Electronic Mail:

     secpros@cnri.reston.va.us

Please place: "Security Policy Process" in the "Subject:" 
field.
Please use ASCII text in any attachments.

World Wide Web: suggestions may be contributed via the internet 

at: http://www.xiwt.org/response


The content of submissions will be used by XIWT only for the
purposes described in this call. No specific attribution to
individual companies or individuals will be made in the 
findings or
report. We look forward to your help in this important national
effort.

For additional information, please contact Charles Brownstein 
or
Pam Memmott 
Tel:  (703) 620-8990
Internet: cbrownst@cnri.reston.va.us
Internet: pmemmott@cnri.reston.va.us


9/22/95; PJM








Thread