iTC Meeting Minutes 2022 06 28 - biometricITC/cPP-biometrics GitHub Wiki

Agenda

https://github.com/biometricITC/cPP-biometrics/wiki/iTC-Meeting-Agenda-2022-06-28 Call started at 10:02am EDT

Attendees

Brian Wood
Greg Ott
Clare Parran
Greg Fiumara
Naruki Kai
Jim Arnold
Ahmad Dahari Jarno

Record of Decisions

None

Action Items

Brian will update and create pull requests

Minutes

The call started with a review of the task list. Brian noted that NIAP said they were close to sending out the v3.3 for one last review but that it should be ready for publication soon. They were watching our changes (and happy that the SFRs were not being changed).

The call then moved on to the Supporting Doc Issues and looked at the open pull requests.

PR #388 was first reviewed and merged with no comments. This was followed by PR #380. This closed all the BIOSD reported issues.

The next topic was the Toolbox integration pull request. This was reviewed and merged. This was followed by TB PR #55 which added information about the modality toolbox versioning and how it should be listed in a Security Target.

TB PR #56 was then merged without comments after a quick review.

TB PR #57 was then discussed. It was determined that some additional clarification was still needed to narrow the scope of the evidence needed (i.e. not a GoPro tracking everything, but selective evidence that shows proper steps were taken). Brian will work on an update for review.

TB PR #58 was quickly reviewed but not merged and there were no comments on the call. This will be reviewed again on the next call.

TB #53 was then discussed. It was determined that this needed a minor clarification to the Toolbox overview that stated that the independent testing had to be completed in a week (which may not be feasible, depending on experience, etc). Brian will create a pull request for this change removing the statement. This should resolve the confusion.

The final topic was Face #17 to discuss how to handle the requirements specifying that the camera (and other devices) must have been released within a year of the evaluation. Part of the concern here is that this could lead to acquiring the cheapest devices that meet the requirements due to the churn, but also that there is not generally any particular public release statement for many of the products that could be used to explicitly tag them to a date. Greg Ott will help update the statement to see how it can be resolved more to a "spec-based" review instead of when it became available.

The call ended at 11:11am EDT.