Microphone Fiend

by Eric B. and Rakim, Follow the Leader

I was a fiend before I became a teen
I melted microphones instead of cones of ice cream
Music orientated so when hip-hop was originated
Fitted like pieces of puzzles, complicated

’cause I grabbed the mic and try to say, yes y’all
They tried to take it, and say that I’m too small
Cool, ’cause I don’t get upset
I kick a hole in the speaker, pull the plug, then I jet

Back to the lab without a mic to grab
So then I add all the rhymes I had
One after the other one, then I make another one
To dis the opposite then ask if the brother’s done

X9.125 Cloud Services Compliance Data

The Accredited Standards Committee (ASC) X9, Data and Information Security Subcommittee X9F has assigned a new project to Cryptographic Protocol and Application Security standards working group X9F4. It is now open and calling for participation in the new work item (NWI) X9.125 Cloud Services Compliance Data (CSCD). It intends to “describe a common set of data needed for automating internal control and compliance testing of cloud service infrastructures” to support standard control frameworks. Contributors are sought “from the financial community with expertise in compliance, audit, and information security”.

IR 7756 and SCAP meetings scheduled

NIST had a Continuous Monitoring (CM) workshop several months ago to solicit feedback and discuss a technical reference model, as described in draft Internal Report (IR) 7756: An Enterprise Continuous Monitoring Technical Reference Architecture.

The outcome was for NIST to propose technical workflows, subsystems, interfaces, and bindings to SCAP (asset, configuration, and vulnerability management).

NIST has just announced that the requested content is ready for review. They have set up weekly meetings for Thursdays at 10 am Pacific, starting August 18th with a general model discussion. A specific workflow or subsystem will be the subject of each following meeting. Details for the meetings will be communicated to the Emerging Specification Development List. The results of these meetings will be presented at the 7th IT Security Automation Conference.

DARPA RA-11-52

Peiter Zatko says DARPA RA-11-52 CFT (Cyber Fast Track) was “launched about 18 hours ago”, which confirms a couple of things:

  1. Cyber is a term not going away anytime soon
  2. The US government is going to try being a more overt and transparent supporter of Blackhat researchers (i.e. friends and colleagues of Peiter Zatko — “guys in my address book”)

Details on how to apply are online. Given that money is being pulled out of US education, this may offer an alternative path or a softer landing for students who hope to create software.


We need help and we have money