Missing Reference for NIST Cybersecurity Framework

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • None
    • Affects Version/s: None
    • Component/s: SecuritySC_edits
    • None
    • Environment:

      References

    • Hide

      At a minimum, insert a reference for NIST Cybersecurity Framework and make references to it when citing particular parts of it.

      Show
      At a minimum, insert a reference for NIST Cybersecurity Framework and make references to it when citing particular parts of it.
    • Hide

      Added the reference.

      Show
      Added the reference.

      1.3 NIST Cybersecurity Framework reads in part:

      *****
      The NIST Cybersecurity Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts:
      *****
      I almost missed it, there is no reference for NIST Cybersecurity Framework.

      Yes?

      I assume the TC means: Framework for Improving Critical Infrastructure Cybersecurity 1.0 (or some later version), http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf. Yes?

      Just a suggestion but if it were me, I would use the NIST structure as the common outline and annotate the differences that MQTT makes under each NIST part. Seems like that would enable you to quote the NIST document and while people are focused in that area, to also cover the MQTT differences. Just a suggestion.

            Assignee:
            Louis-P Lamoureux (Inactive)
            Reporter:
            Patrick Durusau
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: