Contact with Special Interest Groups
Effective: March 17, 2026 · DCF-188
1. Purpose
This policy establishes H33.ai's commitment to maintaining appropriate contact with security special interest groups, professional associations, and specialist forums in accordance with ISO 27001:2022 control A.5.6. Active participation in these communities ensures H33.ai remains informed about emerging threats, best practices, and advances in post-quantum cryptography, fully homomorphic encryption, and zero-knowledge proof systems.
2. Scope
This policy applies to all H33.ai personnel responsible for information security, cryptographic engineering, and compliance functions. It covers memberships, subscriptions, and engagement with external security organizations and special interest groups relevant to H33.ai's operations.
3. Policy Statement
H33.ai shall maintain active contact with relevant special interest groups and professional associations to:
- Receive early warning of emerging threats, vulnerabilities, and advisories relevant to post-quantum cryptography, FHE implementations, and cloud infrastructure
- Gain access to specialist security guidance and best practices
- Stay current with standards development in lattice-based cryptography, homomorphic encryption, and zero-knowledge proof systems
- Share threat intelligence with trusted peers and contribute to community defense
- Maintain awareness of regulatory developments affecting cryptographic products and services
4. Special Interest Groups Register
The following groups and forums are actively monitored and engaged by H33.ai:
| Group | Type | Contact Method | Frequency | Responsible Person | Relevance |
| NIST Post-Quantum Cryptography Project | Standards Body | Mailing list subscription, public comment periods, conference attendance | Continuous monitoring; active participation in comment periods | Eric Beans, CEO/CISO | H33.ai implements CRYSTALS-Dilithium (ML-DSA) and CRYSTALS-Kyber directly from NIST PQC standards. Critical for tracking algorithm updates, parameter changes, and new standardization rounds. |
| IACR — International Association for Cryptologic Research | Academic/Research Association | Membership, ePrint archive monitoring, conference proceedings (CRYPTO, EUROCRYPT, ASIACRYPT) | Weekly ePrint review; annual conference attendance | Eric Beans, CEO/CISO | Primary source for peer-reviewed advances in FHE (BFV scheme), lattice cryptanalysis, NTT optimizations, and ZKP constructions. Early detection of attacks on lattice-based assumptions. |
| OWASP — Open Web Application Security Project | Professional Community | Mailing lists, OWASP Top 10 updates, project participation | Monthly digest review; annual Top 10 assessment | Eric Beans, CEO/CISO | Web application security guidance for H33.ai web properties, API security best practices, and Auth1 authentication service hardening. |
| Cloud Security Alliance (CSA) | Industry Association | Membership, research publications, working group participation | Quarterly publication review; annual survey participation | Eric Beans, CEO/CISO | Cloud security guidance for AWS infrastructure (Graviton4 instances, RDS, ElastiCache). CSA STAR framework alignment and cloud-specific threat intelligence. |
| FIRST — Forum of Incident Response and Security Teams | Incident Response Community | Mailing lists, CVSS scoring framework updates, annual conference | Continuous advisories; quarterly community engagement | Eric Beans, CEO/CISO | Incident response coordination, vulnerability scoring methodology for H33.ai's risk assessment process, and cross-organizational threat sharing. |
| US-CERT / CISA Mailing Lists | Government Advisory | Email subscription (alerts, bulletins, current activity feeds) | Real-time alerts; weekly bulletin review | Eric Beans, CEO/CISO | Critical vulnerability notifications, national cybersecurity advisories, and CISA's post-quantum migration guidance relevant to H33.ai's PQC implementations. |
| AWS Security Bulletins | Vendor Advisory | AWS Security Bulletin RSS feed, AWS Health Dashboard, Personal Health Dashboard notifications | Real-time notifications; weekly review | Eric Beans, CEO/CISO | Direct impact on H33.ai production infrastructure (c8g.metal-48xl Graviton4 instances, RDS PostgreSQL, ElastiCache Redis, Elastic Beanstalk). |
| Rust Security Response Working Group | Language Ecosystem Security | RustSec Advisory Database subscription, Rust security announcements mailing list, cargo-audit integration | Continuous (automated via cargo-audit in CI/CD); manual review weekly | Eric Beans, CEO/CISO | H33.ai's core FHE engine, PQC implementations, and ZKP system are written entirely in Rust. Critical for supply chain security of crate dependencies. |
| HomomorphicEncryption.org Standardization Body | Standards/Research Consortium | Mailing list, standardization meeting participation, white paper contributions | Quarterly meetings; continuous publication monitoring | Eric Beans, CEO/CISO | H33.ai implements the BFV scheme standardized by this body. Participation ensures alignment with emerging FHE standards, parameter recommendations, and interoperability guidelines. |
5. Benefits of Participation
Active engagement with these groups provides H33.ai with the following benefits:
- Early threat detection: Advance notice of vulnerabilities affecting cryptographic libraries, cloud infrastructure, and authentication systems
- Standards alignment: Direct input into the evolution of PQC and FHE standards that H33.ai implements in production
- Peer validation: Opportunities to validate H33.ai's security approaches with industry experts and academic researchers
- Regulatory awareness: Insight into upcoming compliance requirements affecting cryptographic products
- Incident support: Access to coordinated response networks in the event of industry-wide security incidents
6. Knowledge Sharing Procedures
Information obtained from special interest groups shall be managed as follows:
- Intake: The CISO reviews all incoming advisories, bulletins, and threat intelligence within 24 hours of receipt (critical items within 4 hours)
- Assessment: Each item is assessed for relevance to H33.ai's technology stack (BFV FHE, Dilithium, Kyber, STARK proofs, AWS infrastructure)
- Dissemination: Relevant findings are communicated to affected teams via internal channels with appropriate classification
- Action tracking: Items requiring action are logged in Drata as tasks with assigned owners and deadlines
- Contribution: H33.ai may share non-proprietary security findings with relevant groups, subject to CISO approval and information classification review
- Confidentiality: Information shared under TLP (Traffic Light Protocol) restrictions is handled in accordance with the designated sharing level
7. Responsibilities
| Role | Responsibility |
| CISO (Eric Beans) | Maintain group register, review incoming intelligence, approve outbound sharing, ensure engagement frequency targets are met |
| Engineering Team | Monitor technical feeds (RustSec, AWS bulletins), implement advisories, run cargo-audit in CI/CD |
| Compliance Team | Track regulatory updates from CSA and NIST, update policies as needed, maintain evidence in Drata |
8. Review Schedule
This policy and the special interest groups register shall be reviewed annually, or sooner if:
- H33.ai's technology stack changes significantly (e.g., adoption of new cryptographic primitives)
- A relevant group is dissolved or its focus changes materially
- A new special interest group emerges that is directly relevant to H33.ai's operations
- A significant security incident highlights the need for additional community engagement
The next scheduled review is March 2027.
Questions?
Contact the Security Officer at security@h33.ai or the Compliance team at compliance@h33.ai.
H33.ai, Inc. · 11533 Brighton Knoll Loop, Riverview, FL 33579 · 813-464-0945