OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Asset: the missing piece in your puzzle

Excellent admonitions.

It is worth noting that the Critical Security Controls
which have become globally adopted and replicated
as perhaps the most widespread standard, now exists
under the aegis of the Center for Internet Security at:

A new V6 version has been published, and the points
you make here are addressed in the new "measurement


On 2015-11-27 12:49 AM, Jerome Athias wrote:
>From https://www.sans.org/critical-security-controls
to ISO 27001, through the NIST CSF (#1 Identify), NIST Risk Management
Framework, SP 800-53... ...
If you don't properly manage your Assets in cybersecurity: you will FAIL.

Information obtained from the data that you will manipulate and
exchange need to be linked to your Assets, the Assets of others
(Supply Chain or Adversaries).

So -again-, I invite you to look at http://scap.nist.gov/specifications/ai/

NB: While not perfect, and I can comment further with pleasure on
where/why, the Asset concept/construct or relationships (i.e. through
GUIDs) is, imho, NEEDED.

PS: I will try to put effort on documenting where the current model(s)
are currently weak regarding this domain

Best regards

To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:



Anthony Michael Rutkowski

EVP, Industry Standards & Regulatory Affairs


+1 703 999 8270


Yaana Technologies LLC

542 Gibraltar Drive

Milpitas CA 95035 USA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]