www.phillipgriffin.com

Security Standards Development

GRIFFIN Consulting develops information security standards to create new product and services opportunities. The company is experienced in all levels and aspects of the standards development process, including technical committee leadership, working group management, design and development of expert contributions of text and secure messaging syntax, crafting new project proposals, standards document editing, and editorial process management to ensure that requirements for publication are met without unnecessary delays.

Security standards development capabilities of GRIFFIN Consulting include:

• Strategy
  

  ---

  GRIFFIN Consulting works with your marketing, new product development, and program management interests to develop a comprehensive plan of action to target those standards bodies and projects that can bring maximum benefits to your organization. GRIFFIN Consulting standards body management expertise comes from broad experience serving as:
  
  
  • Vice Chair of the ISO TC68/SC2 Financial Services Security committee;
  • Convener of the ISO TC68/SC2/WG8 Public Key Infrastructure (PKI) Management group;
  • Chair of the INCITS T4 IT Security Techniques Technical Committee;
  • Program Committee Privacy and Identity Management for Europe (PRIME) Workshop on Standards for Privacy in User-Centric Identity Management (IdM);
  • Chair of the X9F1 Cryptographic Techniques group;
  • Vice Chair of the X9F4 Security Applications and Protocols group;
  • Rapporteur Identity Management (IdM) Study Period of ISO/IEC JTC 1/SC 27 IT Security Techniques;
  • Head of Delegation to the ISO/IEC JTC 1/SC 27 IT Security Techniques committee;
  • Founder and Chair of the OASIS Security Joint Committee (SJC);
  • Founder and Chair of the OASIS XML Common Biometric Format (XCBF) Technical Committee;
  • Representative of ITU-T Study Group 17 (SG17) in the ISO, IEC, ITU-T and UN/ECE Memorandum of Understanding Management Group (MoU/MG) for the joint coordination of global electronic commerce standardization.
  
  
• Representation
  

  ---

  GRIFFIN Consulting can represent your organization's interests when they are affected by the security standards defined in US national and international standards bodies and consortia. Experience includes active participation in standards development in ANSI X9 Financial Services, ISO TC68/SC2 Financial Services Security, ISO/IEC JTC 1/SC 27 IT Security Techniques, ITU-T Study Group 17, The Open Group, IETF, IEEE, the OASIS Open consortium and the Joint NSA/DISA Web Services Security Standards Working Group.
  
  
• Editing
  

  ---

  GRIFFIN Consulting provides professional standards document editing services of the highest quality. The company has experience editing standards across a broad range of information technology security disciplines, including:
  
  
  • ISO/IEC 24760 (NP) Information technology - Security techniques - A framework for identity management;
  • ISO 22895 Financial Services - Security - Cryptographic syntax scheme;
  • ISO 21188 Public key infrastructure for financial services - Practices and policy framework;
  • ISO 19092-1 Financial Services - Biometrics - Part 1: Security framework and
    ISO 19092-2 Financial Services - Biometrics - Part 2: Message syntax and cryptographic requirements;
  • ISO 15782-1 Certificate management for financial services - Part 1: Public key certificates and
    ISO 15782-2 Certificate management for financial services - Part 2: Certificate extensions;
  • ISO 13569 Financial Services - Information Security Management Guidelines ;
  • X9.113 Trusted Transactions for Network-Enabled Devices;
  • X9.96 XML Cryptographic Message Syntax (XCMS);
  • X9.73 Cryptographic Message Syntax (CMS);
  • X9.68 Digital Certificates for Mobile/Wireless and High Transaction Volume Financial Systems;
  • XCBF - OASIS XCBF XML Common Biometric Format (XCBF) and
    WSS XCBF Profile - OASIS Web Services Security (WSS): XML Common Biometric Format (XCBF) Token Profile;
  • Joint NSA/DISA - Web Services Security Standards Framework, for Net-Centric Enterprise Services (NCES) Global Information Grid (GIG) Information Assurance (IA); and
  • IETF ID-ttned Trusted Transactions for Network-Enabled Devices