Computer Associates to hand off Open Security Exchange to IEEE

Three months after launching a cross-industry group to develop standards for integrating physical and information technology (IT) security, Computer Associates International is handing off management of that group to the Industry Standards and Technology Organization (ISTO).

The ISTO, which was spun off of the Institute for Electrical and Electronics Engineers Inc. (IEEE) in 1999, will assume administrative control of the Open Security Exchange (OSE), providing staff and resources to manage the finances and logistics of the group, according to Greg Kohn, director of industry programs at ISTO.

IEEE-ISTO management will make the OSE more open and public and advance the development of integrated security management standards, according to CA Senior Vice President Ron Moritz.

IEEE-ISTO handles day-to-day operations so that group members can focus on developing both the specifications and support for their standards in the community, Kohn said.

Computer Associates will retain its current chairmanship of the organization under CA director of security product management Piers McMahon, Moritz said.

CA unveiled the OSE at the RSA Conference in April. The organization brought leading companies in the physical security industry together with CA to develop security management standards and best practices.

In addition to CA, OSE members include HID, a maker of access control cards and readers, smart card provider Gemplus International,  fire and security alarm giant Tyco International and private investigation firm Pinkerton Consulting & Investigations, part of Securitas.

But CA faced criticism over the makeup of the OSE.

Detractors complained that the absence of any other software companies in the group made the OSE little more than a CA partnership program rather than an independent industry standards group.

Speaking on Wednesday, Moritz acknowledged those criticisms.

"By moving (OSE) under the IEEE we're getting an acknowledgement that OSE is more broad than OPSEC (Open Platform for Security partner program) from Check Point -- that it's a broad market initiative and not just a CA thing," he said.

Under IEEE-ISTO guidance, software companies with an interest in participating can join the OSE effort, as well as hardware and physical control companies and enterprises with an interest in investing in the technology produced from OSE standards, Moritz said.

IEEE-ISTO will help attract new members by being a central reference point for questions about the group and by helping with outreach, Kohn said.

As part of its administrative duties, IEEE-ISTO will manage computer listservs used by OSE participants and handle billing for OSE members, Kohn said.

CA and OSE members scouted out various standards organizations before deciding to hand over control of the OSE to the IEEE-ISTO, Moritz said.

The Organization for Advancement of Structured Information Standards (OASIS) and World Wide Web Consortium (W3C) were both considered, he said.

IEEE-ISTO emerged as the best fit, Moritz said.

The group's unique mission and legal status makes the IEEE-ISTO attractive to corporations that want to work on developing industry standards, according to Kohn.