OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] Created: (MQTT-200) Clarification on WD01


Clarification on WD01
---------------------

                 Key: MQTT-200
                 URL: http://tools.oasis-open.org/issues/browse/MQTT-200
             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
          Issue Type: Improvement
          Components: SecuritySC_edits
    Affects Versions: 3.1.1
            Reporter: Andrew Schofield
            Priority: Minor
             Fix For: 3.1.1


General: Now that the NIST framework has been formally published, I suggest that the first reference to it uses its complete name "Framework for Improving Critical Infrastructure Cybersecurity". I find the inclusion of "Critical Infrastructure" helpful to frame the purpose of this.

General: "Cybersecurity" is incorrectly capitalised in quite a large number of places. It will look more authoritative if it's consistently lower-case apart from when referring to a particular entity as a proper noun.

Section 1.4.2: I don't think the idea of special MQTT-specific tiers is worthwhile. The description in the full NIST document is much clearer and more authoritative. I think this document just needs to say (probably in 1.4.4) that each organisation will have a particular level of maturity for cybersecurity.

Section 2: I wonder why the categories do not match those in Appendix A of the NIST document. We are clearly at liberty to have them different, but I wonder whether it's sensible. I'd prefer the lists to match, or the MQTT list to be a subset. If this idea is acceptable, I'm happy to help pull together the revised tables.

Appendix A: Once section 2 is finalised, it would be a good idea to circle back to this appendix and align all of the categories to make the illustrative value of the appendix as clear as possible.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]