-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: SecuritySC_edits
-
Labels:None
-
Environment:
References
-
Proposal:
-
Resolution:
1.3 NIST Cybersecurity Framework reads in part:
*****
The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts:
*****
I almost missed it, there is no reference for NIST Cybersecurity Framework.
Yes?
I assume the TC means: Framework for Improving Critical Infrastructure Cybersecurity 1.0 (or some later version), http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf. Yes?
Just a suggestion but if it were me, I would use the NIST structure as the common outline and annotate the differences that MQTT makes under each NIST part. Seems like that would enable you to quote the NIST document and while people are focused in that area, to also cover the MQTT differences. Just a suggestion.