Uploaded image for project: 'OASIS Message Queuing Telemetry Transport (MQTT) TC'
  1. OASIS Message Queuing Telemetry Transport (MQTT) TC
  2. MQTT-128

Signifiance of the last sentence of Security doc 5.14 is unclear

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SecuritySC
    • Labels:
      None
    • Proposal:
      Hide

      Here's a suggested rewording of the two paragraphs. Does this capture their original intention?

      The energy provider compares the current and target states to see where it needs to take action: in this case the largest discrepancies are in the "Protect" and "Recover" functions. The framework core in Section 5.1.3 then points it to some actions that it can take to remedy this situation. In this case it shows that the energy provider should follow the Guidelines for Smart Grid Cyber Security [NISTIR 7628] and the Contingency Planning Guide for Federal Information Systems [NIST SP 800-34].

      Show
      Here's a suggested rewording of the two paragraphs. Does this capture their original intention? The energy provider compares the current and target states to see where it needs to take action: in this case the largest discrepancies are in the "Protect" and "Recover" functions. The framework core in Section 5.1.3 then points it to some actions that it can take to remedy this situation. In this case it shows that the energy provider should follow the Guidelines for Smart Grid Cyber Security [NISTIR 7628] and the Contingency Planning Guide for Federal Information Systems [NIST SP 800-34] .
    • Resolution:
      Hide

      Implemented the proposal.

      Show
      Implemented the proposal.

      Description

      In WD03, Section 5.14 concludes as follows:

      "The gap between the two states indicates actions the energy provider must undertake to achieve the target state. Here, the gap is essentially defined by the "Protect" and "Recover" functions as they bear the largest discrepancies.

      The energy provider is conscious it requires more efforts to comply with the current version of the Smart Grid Cybersecurity (NISTIR 7628) and NIST SP 800-34 for the reconstitution efforts plan. "

      I understand what the first of these two paragraphs is saying, but I don't understand the second one.

      • Are the two documents mentioned related to the gaps mentioned in the previous paragraph, or is this something separate? If they are related I think it would help to say so explicitly.
      • What is a "reconstiution efforts path"?

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              PeterNiblett Peter Niblett
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: