From: nobody@REPLAY.COM (Anonymous)
To: cypherpunks@toad.com
Message Hash: 7d893ea2ea62ad214e2607a672f4dd2c73fd6659ea443c10387c929be2ac9508
Message ID: <199509292240.XAA16987@utopia.hacktic.nl>
Reply To: N/A
UTC Datetime: 1995-09-29 22:40:21 UTC
Raw Date: Fri, 29 Sep 95 15:40:21 PDT
From: nobody@REPLAY.COM (Anonymous)
Date: Fri, 29 Sep 95 15:40:21 PDT
To: cypherpunks@toad.com
Subject: Call for IT Sec XX
Message-ID: <199509292240.XAA16987@utopia.hacktic.nl>
MIME-Version: 1.0
Content-Type: text/plain
From: <http://www.xiwt.org/secpros1.htm>
Call for White Papers
Information Technology Security Policy Setting Process
issued by the
Cross-Industry Working Team
Thursday, September 28, 1995
Introduction
The Cross-Industry Working Team (XIWT) is seeking inputs from
U.S.
industry on ways to improve the process by which public policy
on
information technology systems security is developed. At the
invitation of the Information Infrastructure Task Force (IITF)
of
the U.S. government, XIWT is soliciting ideas broadly from US
industry, in the form of White Papers that address this issue.
XIWT
will, later this year, convene a workshop of industry experts
to
organize the ideas and suggestions expressed in these White
Papers
into a report for use by the IITF, and will prepare a report to
be
made available to the public.
XIWT is a multi-industry coalition of organizations committed
to
defining the architecture and key technical requirements for a
powerful and sustainable national information infrastructure
(NII).
XIWT aims to foster the understanding, development and
application
of technologies that cross industry boundaries; facilitate the
conversion of the NII vision into real-world implementations,
and
facilitate a dialogue among representatives of stakeholders in
the
private and public sector. Additional information about XIWT
can be
found on the Internet at: http://www.xiwt.org/homepage.
Information Technology Systems Security
In the developing National Information Infrastructure (NII),
information technology will be deployed in a wide range of
contexts
and systems including communications, computing, software
systems,
and many different types of applications. The ability of this
technology, and the systems which employ it, to provide the
requisite levels of security and protection, are of concern to
almost everyone.
Issues of central concern include: physical protection of
systems
and their contents, potential vulnerabilities at various points
within the networked environments of these systems, and the
ability
to provide or even guarantee reliable and/or uninterruptable
service. The infrastructure for such capabilities will need to
include mechanisms for the protection of networks, computers
and
other types of equipment as well as systems that employ these
elements, as well as methods for analysis, certification and
validation of technology and systems, and for facilitating the
setting of standards. It is likely that cryptographic
capabilities
will need to be available throughout for possible use in
protection
and authentication of information. Issues involving the
management
of these capabilities will need to be uncovered, discussed and
resolved where possible. At present, the federal government has
no
formal process in place, in the Congress or in Executive Branch
agencies, which adequately involves the private sector in the
determination of public policy in this area.
Responsibilities for this broad area within the federal
government
are widely diffused and do not necessarily insure that all the
relevant concerns of the private sector are taken into account.
Further, no single process is used by the various parts of the
federal government and a variety of policies, reflected in
laws,
regulation and practice, usually result. A methodology is
required
by which private sector interests can be adequately expressed
and
factored into resulting policies. The purpose of this call for
white papers is to request written inputs from interested and
knowledgable parties on how the formal process to developing
information technology systems security policies may be
improved,
and particularly on how private sector inputs can be most
effectively incorporated.
Specifically, industry is requested to identify those areas,
domains, and issues that are especially relevant for
consideration,
and to recommend specific suggestions or approaches by which
the
policy determination process in these areas may be improved.
This
may entail, for example, the establishment of one or more
bodies
dedicated to this purpose, within or across domains; the
creation
of a broad set of principles for the government or other bodies
to
employ; the setting of national goals or other specific
recommendations for federal action.
Submissions
White papers are specifically solicited from U.S. industry;
other
individuals who wish to contribute are welcome to do so.
Submissions may be made on paper or electronically by sending
electronic mail, document files, or via a form located on the
XIWT
World Wide Web server (addresses below). Submissions made on
behalf
of companies will be taken to represent the views of the firm;
these will be verified if it is not made clear in the
submission
that the document represents a company position. Individual
submissions will not be verified if they do not claim to
represent
company positions.
Submissions should be: 1) responsive to the primary goal of
this
call, (focused specifically on process improvement and not the
presentation of view on policy deficiencies or on desired
policies); 2) clear in terms of specific topics, areas or
domains
of policy; 3) reasonably direct, brief and timely.
Any format may be used for the white paper, and it may be of
any
length. However, submissions must include the following
information, on envelopes or headers to email and web messages,
and
on the submission document, whatever its form:
1. The name of individual making the submission;
2. The name of firm on whose behalf the submission is made;
3. The return address by which submission may be verified, if
necessary.
XIWT will convene a one or two day invitational workshop in
the
Washington DC area in December, 1995, to review submissions and
organize the preparation of findings. Papers received by
November
15, 1995, will be used in the workshop. The report of this
effort
is intended to be made available in February, 1996.
Submissions must be made to one of the following addresses:
Conventional Mail:
Security Policy Process
XIWT
1895 Preston White Drive
Suite 100
Reston VA 22091-0913
Electronic Mail:
secpros@cnri.reston.va.us
Please place: "Security Policy Process" in the "Subject:"
field.
Please use ASCII text in any attachments.
World Wide Web: suggestions may be contributed via the internet
at: http://www.xiwt.org/response
The content of submissions will be used by XIWT only for the
purposes described in this call. No specific attribution to
individual companies or individuals will be made in the
findings or
report. We look forward to your help in this important national
effort.
For additional information, please contact Charles Brownstein
or
Pam Memmott
Tel: (703) 620-8990
Internet: cbrownst@cnri.reston.va.us
Internet: pmemmott@cnri.reston.va.us
9/22/95; PJM
Return to September 1995
Return to “nobody@REPLAY.COM (Anonymous)”
1995-09-29 (Fri, 29 Sep 95 15:40:21 PDT) - Call for IT Sec XX - nobody@REPLAY.COM (Anonymous)