This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Template:IndustryProject

From OWASP
Revision as of 04:20, 4 December 2009 by Dan Philpott (talk | contribs)

Jump to: navigation, search


This template displays key Global Industry Committee Project information.

PrimaryContact and SecondaryContact should be wiki links to email addresses of the contact with name.

ActivityObjectives, ActivityDeadlines, ActivityStatus, ActivityResources and IdentifiedSections should be bulleted lists.

By default:

  • ActivityName = N/A
  • ActivityDescription = N/A
  • RelatedProjects = N/A
  • PrimaryContact = N/A
  • SecondaryContact = N/A
  • MailingList = N/A
  • ActivityObjectives = N/A
  • ActivityDeadlines = N/A
  • ActivityStatus = N/A
  • ActivityResources = N/A
  • ReviewPlan = N/A
  • Stage1Activities = N/A
  • Stage1Results = N/A
  • Stage2Activities = N/A
  • Stage2Results = N/A
  • Stage3Activities = N/A
  • Stage3Results = N/A
  • FinalVersion = N/A
  • IdentifiedSections = N/A


Usage

{{Template:IndustryProject
| ActivityName=
| ActivityDescription=
| RelatedProjects=
| PrimaryContact=
| SecondaryContact=
| MailingList=
| ActivityObjectives=
| ActivityDeadlines=
| ActivityStatus=
| ActivityResources=
| ReviewPlan=
| Stage1Activities=
| Stage1Results=
| Stage2Activities=
| Stage2Results=
| Stage3Activities=
| Stage3Results=
| FinalVersion=
| IdentifiedSections=
}}

Example

{{IndustryProject
| ActivityName=NIST SP 800-37 Revision 1 Final Public Draft
| ActivityDescription=NIST SP 800-37 Revision 1 Final Public Draft: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
| RelatedProjects=[[:Industry:Draft_NIST_SP_800-53_Revision_3]]
| PrimaryContact=[mailto:danphilpott(at)gmail.com Dan Philpott]
| SecondaryContact=[mailto:rex.booth(at)gt.com Rex Booth]
| MailingList=
| ActivityObjectives=
* Review Final Public Draft of NIST SP 800-37 Revision 1 - in particular issues affecting web application security
* Where appropriate, draft a response for submission
* Submit the response as an official OWASP statement
| ActivityDeadlines=
* December 1st, 2009 - Announce project, open enrollment
* December 3rd, 2009 - Close enrollment
* December 23rd, 2009 - Complete final draft response 
* December 24th, 2009 - Submit to NIST 
* December 31st, 2009 - Comment period ends
* February, 2010 - Anticipated final publication
| ActivityStatus=
* In Progress
| ActivityResources=
* [http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-37-Rev.%201 Request for comments, November 17th, 2009]
* [http://csrc.nist.gov/publications/drafts/800-37-Rev1/SP800-37-rev1-FPD.pdf NIST SP 800-37 Revision 1 FPD] (PDF)
* [[:Category:GIC-NISTSP80037r1FPD|NIST SP 800-37 Revision 1 FPD Review Work Area]]
* Submit comments to sec-cert(at)nist.gov
| ReviewPlan=Review of the document shall be conducted primarily via the OWASP wiki.  NIST SP 800-37 Revision 1 FPD has been converted to wiki format, broken into separate articles by Chapter/Appendix and had the text linked to the FISMApedia.org glossary.  Participants are requested to review the document text and comment in the appropriate section of the discussion page.  Please sign your contributions and comment on the contributions of each other as needed.
The primary access point for the document is [[:Category:GIC-NISTSP80037r1FPD|NIST SP 800-37 Revision 1 FPD Table of Contents/Category Entry]].  This contains a linked Table of Contents and all pages categorized as [[:Category:GIC-NISTSP80037r1FPD|Category:GIC-NISTSP80037r1FPD]].
| Stage1Activities=All participants perform a high-level, document-wide review to develop familiarity with the documents. Reviewers should focus on gaining an understanding of the document layout and basic understanding of the Risk Management Framework. Focus is on gaining an understanding of the document.
| Stage1Results=Keep notes general and impressionistic. Note sections that may merit further investigation and any initial impressions you have on strengths and weaknesses.  Please do not comment on other contributors work, consider this a brainstorming period.
| Stage2Activities=Participants will be asked to perform a focused review on sections identified in Stage 1.  These "targeted sections" may be divided among project participants depending on project population and the number of target sections. Impressions on strengths and weakness of the process will be expanded on by their contributors.  Participants are encouraged to comment on each others comments.
| Stage2Results=Each participant should develop a detailed set of comments for their assigned sections.
| Stage3Activities=Participants will revise comments as needed and project management will consolidate and format comments for submission to NIST. 
| Stage3Results=A final list of comments for submission to NIST. 
| FinalVersion=
| IdentifiedSections=
}}


Return to Global Industry Committee

ACTIVITY IDENTIFICATION
Activity Name NIST SP 800-37 Revision 1 Final Public Draft
Short Description Provide response to "NIST SP 800-37 Revision 1 Final Public Draft: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach"
Related Projects Industry:Draft_NIST_SP_800-53_Revision_3
Email Contacts & Roles Primary
Dan Philpott
Secondary
Rex Booth
Mailing list
N/A
ACTIVITY SPECIFICS
Objectives
  • Review Final Public Draft of NIST SP 800-37 Revision 1 - in particular issues affecting web application security
  • Where appropriate, draft a response for submission
  • Submit the response as an official OWASP statement
Deadlines
  • December 1st, 2009 - Announce project, open enrollment
  • December 3rd, 2009 - Close enrollment
  • December 23rd, 2009 - Complete final draft response
  • December 24th, 2009 - Submit to NIST
  • December 31st, 2009 - Comment period ends
  • February, 2010 - Anticipated final publication
Status
  • In Progress
Resources

Review Plan

Review of the document shall be conducted primarily via the OWASP wiki. NIST SP 800-37 Revision 1 FPD has been converted to wiki format, broken into separate articles by Chapter/Appendix and had the text linked to the FISMApedia.org glossary. Participants are requested to review the document text and comment in the appropriate section of the discussion page. Please sign your contributions and comment on the contributions of each other as needed. The primary access point for the document is NIST SP 800-37 Revision 1 FPD Table of Contents/Category Entry. This contains a linked Table of Contents and all pages categorized as Category:GIC-NISTSP80037r1FPD.

Stage 1

Activities: All participants perform a high-level, document-wide review to develop familiarity with the documents. Reviewers should focus on gaining an understanding of the document layout and basic understanding of the Risk Management Framework. Focus is on gaining an understanding of the document.

Results: Keep notes general and impressionistic. Note sections that may merit further investigation and any initial impressions you have on strengths and weaknesses. Please do not comment on other contributors work, consider this a brainstorming period.

Stage 2

Activities: Participants will be asked to perform a focused review on sections identified in Stage 1. These "targeted sections" may be divided among project participants depending on project population and the number of target sections. Impressions on strengths and weakness of the process will be expanded on by their contributors. Participants are encouraged to comment on each others comments.

Results: Each participant should develop a detailed set of comments for their assigned sections.

Stage 3

Activities: Participants will revise comments as needed and project management will consolidate and format comments for submission to NIST.

Results: A final list of comments for submission to NIST.


Submission Response

Latest first

Final Version

N/A

Identified Sections

The following parts have been identified for review:

N/A


Return to Global Industry Committee