

Subject: [OASIS Issue Tracker] Updated: (MQTT-118) Summary of editorial issues Security SC WD03


     [ http://tools.oasis-open.org/issues/browse/MQTT-118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard Coppen updated MQTT-118:
--------------------------------

    Description: 
Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used. 

Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point 

Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.

Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. --> In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.

Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.

Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.

Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles

Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.

Line 217: consider changing "USA energy provider" to "Large energy provider" to achieve a more general example applicable to a wider audience.

Line 218: This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.

Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.

Line 292 (Diagram) Not clear where the target state comes from for this example - was it a regulatory requirement or a management decision? Consider adding narrative earlier in the example, maybe to the introduction.

  was:
Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used. 

Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point 

Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.

Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. --> In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.

Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.

Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.

Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles

Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.

Line 218: This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.

Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.


> Summary of editorial issues Security SC WD03
> --------------------------------------------
>
>                 Key: MQTT-118
>                 URL: http://tools.oasis-open.org/issues/browse/MQTT-118
>             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
>          Issue Type: Improvement
>          Components: SecuritySC_edits
>            Reporter: Richard Coppen
>
> Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used. 
> Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point 
> Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.
> Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. --> In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.
> Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.
> Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.
> Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles
> Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.
> Line 217: consider changing "USA energy provider" to "Large energy provider" to achieve a more general example applicable to a wider audience.
> Line 218: This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.
> Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.
> Line 292 (Diagram) Not clear where the target state comes from for this example - was it a regulatory requirement or a management decision? Consider adding narrative earlier in the example, maybe to the introduction.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

