[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Fw: Re: [cti-comment] Comment Resolution Log for STIX 2.1 CSD 05 Public Review
----- Original message -----
From: Christopher Carlson <chris@ctcarlson.com>
To: Emily Ratliff <Emily.Ratliff@ibm.com>
Cc:
Subject: [EXTERNAL] Re: [cti-comment] Comment Resolution Log for STIX 2.1 CSD 05 Public Review
Date: Fri, Jan 15, 2021 12:58 PM
Here is the content that I provided:Recommended Change to Section 4.3.1, Course of Action - PropertiesAdd one more Property:Property Name: function (optional)Type: list of type open-vocab;Description: The values for this property SHOULD come from the course-of-action-ov open vocabulary.Add one more STIX Vocabulary to support this changeCybersecurity Framework Function Vocabulary.Vocabulary Name: course-of-action-ovThe course of action type vocabulary is currently used in the following SDO(s):
- Course of Action
The course of action type is an open vocabulary that provides a high-level characterization of the function to be provided by a Course of Action. For example, a recovery course of action improves the ability to facilitate recovery from an incident. A course of action may improve more than one course of action type, such as detecting and responding to an incident.Values should be drawn from the NIST Cybersecurity Framework, Table 1 "Function" column shown below (document available at https://www.nist.gov/cyberframework) .The benefit of this additional information is that it can assist organizing security control improvement projects to reduce the probability of loss events.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]