[cabfpub] Final report from the NetSec group
Neil Dunbar
ndunbar at trustcorsystems.com
Fri Jun 22 07:24:04 UTC 2018
Colleagues,
Following on from the F2F discussions in London, where a report on the Network Security activity was sought, I’m attaching our final report.
The TL;DR is essentially:
* We recognise that the NCSSRs are a bit outdated and don’t call out salient security features of today’s working environments
* We looked at CIS and ISO27K as starting points to replace the NCSSRs but decided against such an approach
* We don’t think that just dumping the NCSSRs and going forward with nothing is a good idea at all
* We think that incremental changes to the NCSSRs, using a risk-assessment methodology probably represents the best way of bringing the requirements up to date in a way which forum members will be likely to find acceptable.
(Fellow NetSec members: if I’ve spoken out of turn in the above, feel free to correct me on-list)
Hope the document is useful in representing where our thoughts are. All feedback, commentary and general observations are most welcome.
Best regards,
Neil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NetSec-Report.pdf
Type: application/pdf
Size: 89414 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180622/d4763c12/attachment-0002.pdf>
More information about the Public
mailing list