[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (MQTT-223) Missing Reference for NIST Cybersecurity Framework
[ https://tools.oasis-open.org/issues/browse/MQTT-223?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Coppen updated MQTT-223:
--------------------------------
Component/s: SecuritySC_edits
> Missing Reference for NIST Cybersecurity Framework
> --------------------------------------------------
>
> Key: MQTT-223
> URL: https://tools.oasis-open.org/issues/browse/MQTT-223
> Project: OASIS Message Queuing Telemetry Transport (MQTT) TC
> Issue Type: Bug
> Components: SecuritySC_edits
> Environment: References
> Reporter: Patrick Durusau
>
> 1.3 NIST Cybersecurity Framework reads in part:
> *****
> The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts:
> *****
> I almost missed it, there is no reference for NIST Cybersecurity Framework.
> Yes?
> I assume the TC means: Framework for Improving Critical Infrastructure Cybersecurity 1.0 (or some later version), http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf. Yes?
> Just a suggestion but if it were me, I would use the NIST structure as the common outline and annotate the differences that MQTT makes under each NIST part. Seems like that would enable you to quote the NIST document and while people are focused in that area, to also cover the MQTT differences. Just a suggestion.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]