- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: None
- Fix Version/s: None
- Component/s: SecuritySC_edits
- Labels: None

Proposal:
Line 34: copyright notice is for incorrect year
Line 136: Section 5 provides an example implementation of how the MQTT Cybersecurity Framework can be used. --> Section 5 provides a worked example of how the MQTT Cybersecurity Framework can be used.
Line 140: each function presented here is non-exhaustive and merely provides a starting point --> each function presented here is non-exhaustive and provided as a starting point
Line 175: The organization may implement some portions of the Framework on an irregular, case-by-case basis due to varied experience or information gained from outside sources. --> The organization might implement some portions of the Framework on an ad hoc basis due to varied experience or information gained from outside sources.
Line 181: In addition, risk-informed, management approved processes and procedures are defined and implemented and staff has adequate resources to perform their Cybersecurity duties. --> In addition, risk-informed, management approved processes and procedures are defined and implemented. Staff have adequate resources to perform their Cybersecurity duties.
Line 189: These updates to the Profile enable the organization to actively adapt to a changing Cybersecurity landscape and emerging/evolving threats. Risk-informed policies, processes, and procedures are part of the organizational culture and evolve from previous activities (and from information shared by other sources) to predict and address potential Cybersecurity events. --> These updates to the Profile enable the organization to adapt to an evolving Cybersecurity landscape and address emerging threats. Risk-informed policies, processes, and procedures are part of the organizational culture and are reviewed regularly - including feedback from lessons learned and information shared from other sources - to predict and address potential Cybersecurity events.
Line 204: thus revealing gaps that should be addressed to meet MQTT Cybersecurity risk management objectives. --> thus revealing gaps that could be addressed to meet MQTT Cybersecurity risk management objectives.
Line 204: Figure 1 shows the two types of Profiles --> Figure 1 illustrates two such Profiles
Line 215: of a roadmap that organizations should implement to reduce MQTT related Cybersecurity risk. --> of a roadmap that organizations could implement to reduce MQTT related Cybersecurity risk.
Line 217: consider changing "USA energy provider" to "Large energy provider" to achieve a more general example applicable to a wider audience.
Line 218: This section illustrates puts the Framework in practice by applying the different components in a concrete use case. --> This section provides a worked example to show how the Framework can be applied to help manage MQTT Cybersecurity risk.
Line 226: To leverage the capacity and augment the capability of an energy provider standards-based, modular communication platform (e.g. a "communications node"), the company is executing a pilot project to define, test, and implement an open-source, broker-agnostic, and distributed field message bus architecture. --> The organization is looking to build a new architecture around an open-source, broker agnostic 'communication node' concept and is running a pilot project to assess feasibility, and integration within its wider message bus.
Line 292 (Diagram): Not clear where the target state comes from for this example - was it a regulatory requirement or a management decision? Consider adding narrative earlier in the example, maybe to the introduction.