- CSA Announcements
- Medical Device IR Playbook is planned for a Nov 8th release (previously scheduled for Oct 26th)
- Framework v3 changes - https://docs.google.com/spreadsheets/d/1NoUw14uwGmLLiC5L46wkb01PMNiWPd0iMDF2pghaTbY/edit
- Domain Changes
- Added supply chain
- Added subcategories to secure applications domain
- Consolidated communication and networking domains along with a few others into Secure Networks and Secure Wireless
- Reviewed new controls under several domains (secure application, secure networks, etc)
- Microsegmentation was agreed upon to be a subdomain rather than a new domain
- Need volunteers to review old controls and add new controls
- Need to request access from Brian
- Anyone who adds a control must fill out additional directions, references, and all the other columns in the row. It's too difficult for another person to come in and add it after the fact.
- Glossary tab added to clarify terms (e.g. cryptoagility, microsegmentation)
- Plan for Zero Trust paper
- Brian will be review device security profile over the next few weeks
- Root of Trust is similar to Trusted device onboarding - may need to get pulled up
- Volunteers should reach out to Hillary or Brian to be added to the paper
------------------------------
Hillary Baron CCSK v4
Program Manager, Research
CSA
Seattle WA
------------------------------