• Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.1
    • Component/s: SecuritySC_edits
    • Labels:


      General: Now that the NIST framework has been formally published, I suggest that the first reference to it uses its complete name "Framework for Improving Critical Infrastructure Cybersecurity". I find the inclusion of "Critical Infrastructure" helpful to frame the purpose of this.

      General: "Cybersecurity" is incorrectly capitalised in quite a large number of places. It will look more authoritative if it's consistently lower-case apart from when referring to a particular entity as a proper noun.

      Section 1.4.2: I don't think the idea of special MQTT-specific tiers is worthwhile. The description in the full NIST document is much clearer and more authoritative. I think this document just needs to say (probably in 1.4.4) that each organisation will have a particular level of maturity for cybersecurity.

      Section 2: I wonder why the categories do not match those in Appendix A of the NIST document. We are clearly at liberty to have them different, but I wonder whether it's sensible. I'd prefer the lists to match, or the MQTT list to be a subset. If this idea is acceptable, I'm happy to help pull together the revised tables.

      Appendix A: Once section 2 is finalised, it would be a good idea to circle back to this appendix and align all of the categories to make the illustrative value of the appendix as clear as possible.




            • Assignee:
              andrew_schofield Andrew Schofield (Inactive)
            • Watchers:
              1 Start watching this issue


              • Created: