CSA Announcements
IoT Controls Framework v3 -
https://docs.google.com/spreadsheets/d/1NoUw14uwGmLLiC5L46wkb01PMNiWPd0iMDF2pghaTbY/edit
- Plan tab on v3 to outline the work plan moving forward
- CCM and CCN currently a domain name - shift to con and son for clarity
- Need to add additional directions for approx. 14 controls - they are all highlighted in yellow
- Some current work that needs to be revised. Brian to take a look
- In future if you write a control you'll need to also write the additional directions
- Need to take a look at some relevant documents from other industries groups that need to be checked out (see plan tab)
- Michael to send documents to Hillary to be posted on Circle
- Other domains to add?
- Zero trust - includes authentication, authorization - what should be part of this domain?
- Perhaps add zero trust controls into existing domains
- Supply chain - need to keep in my CCM v4 domain when writing this section
- Check out ENISA document supply chain threats are listed particularly with regards to hardware
- Forensics
- Currently part of incidents - may need to make more robust controls in this area or create another domain if it gets large enough
- Want to consider a digital twin and other unique IoT situations
- Guide on how to use the controls to do specific things example/use case Zero Trust
Call to action - volunteer for a specific document to review what additional controls might need to be added to our framework.
- To volunteer just comment on the thread and report findings on the thread
- Also, be on the look out for other relevant documents that we might want to reference. Documents should be recent (from the past few years)
------------------------------
Hillary Baron CCSK v4
Program Manager, Research
CSA
Seattle WA
------------------------------