Description:
Topic: OHDF January 2024 Meeting
Time: Jan 10, 2024 12:00 PM Eastern Time (US and Canada)
Join ZoomGov Meeting
https://mitre.zoomgov.com/j/1615093982
Meeting ID: 161 509 3982
One tap mobile
+16692545252,,1615093982# US (San Jose)
+16468287666,,1615093982# US (New York)
Dial by your location
+1 669 254 5252 US (San Jose)
+1 646 828 7666 US (New York)
+1 646 964 1167 US (US Spanish Line)
+1 551 285 1373 US (New Jersey)
+1 669 216 1590 US (San Jose)
+1 415 449 4000 US (US Spanish Line)
Find your local number: https://mitre.zoomgov.com/u/aeBviT6wQp
Join by SIP
1615093982@sip.zoomgov.com
Join by H.323
161.199.138.10 (US West)
161.199.136.10 (US East)
==========
Agenda:
- Introductions from the TC leadership (MITRE, industry leaders, OASIS Open personnel)
- Establishing regular TC cadence
  - Current suggestion: Monthly
- Current state of OHDF
- Plans for next phase of activity
  - Capture and formalize current OHDF schema
    - Current suggestion: use [NIST Metaschema](https://pages.nist.gov/metaschema/)
    - Open call for other suggestions from TC
    - Resolves open PR on [Seed Contribution InSpecJS Schemas](https://github.com/oasis-tcs/ohdf/pull/4)
  - Develop the next data elements to be established for OHDF v1.0 draft
    - Current suggestions:
      - "Target Data" -- the system to which the OHDF data pertains
      - "Overall Control Status" -- dictates the "final" state of the control after all post-processing (attestations, waivers, etc.) is applied; can be used to override control state via attestations and waivers
      - "Run Identifier" -- a UUID of some kind to differentiate the same OHDF-formatted scan run against the same target multiple times
        - Resolves issues raised by users regarding OHDF not having any IDs for individual runs
      - "Adjudicated Control" -- boolean which is flipped to True if the Overall Control Status was changed by an attestation or waiver
        - Resolves concerns that attestations and waivers could be a "thumb on the scale" that would not be clear from the OHDF data
  - Next datatype integration research
    - Current suggestion: Integrating SBOM data into OHDF
    - Open call for other suggestions from TC
- Open floor for TC members
==========
Minutes:
==========
Attendance:
Meeting Statistics
- Quorum rule: 51% of voting members
- Achieved quorum: no
- Individual Attendance:
  - Guest Attendees: 2
  - Observing Members: 1 of 5 (20%)
  - Contributing Members: 6 of 29 (20%)
  - Voting Members: 6 of 15 (40%) (used for quorum calculation)
- Company Attendance:
  - Contributing Companies: 4 of 15 (26%)
  - Voting Companies: 4 of 10 (40%)