OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

mqtt message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] Created: (MQTT-200) Clarification on WD01

Clarification on WD01

                 Key: MQTT-200
                 URL: http://tools.oasis-open.org/issues/browse/MQTT-200
             Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
          Issue Type: Improvement
          Components: SecuritySC_edits
    Affects Versions: 3.1.1
            Reporter: Andrew Schofield
            Priority: Minor
             Fix For: 3.1.1

General: Now that the NIST framework has been formally published, I suggest that the first reference to it uses its complete name "Framework for Improving Critical Infrastructure Cybersecurity". I find the inclusion of "Critical Infrastructure" helpful to frame the purpose of this.

General: "Cybersecurity" is incorrectly capitalised in quite a large number of places. It will look more authoritative if it's consistently lower-case apart from when referring to a particular entity as a proper noun.

Section 1.4.2: I don't think the idea of special MQTT-specific tiers is worthwhile. The description in the full NIST document is much clearer and more authoritative. I think this document just needs to say (probably in 1.4.4) that each organisation will have a particular level of maturity for cybersecurity.

Section 2: I wonder why the categories do not match those in Appendix A of the NIST document. We are clearly at liberty to have them different, but I wonder whether it's sensible. I'd prefer the lists to match, or the MQTT list to be a subset. If this idea is acceptable, I'm happy to help pull together the revised tables.

Appendix A: Once section 2 is finalised, it would be a good idea to circle back to this appendix and align all of the categories to make the illustrative value of the appendix as clear as possible.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]