Meeting Minutes - Nov 12
Hillary Baron
Posted Nov 12, 2020 12:03:00 PM
CSA Announcements:
Current open peer reviews - https://cloudsecurityalliance.org/research/contribute/
Recent releases - cloudsecurityalliance.org/research/artifacts/
Upcoming events - cloudsecurityalliance.org/events/
IoT News
RUBRIC FOR APPLYING CVSS TO MEDICAL DEVICES:
https://www.mitre.org/publications/technical-papers/rubric-for-applying-cvss-to-medical-devices
GitHub:
https://github.com/mitre/md-cvss-rubric-tools
Open standard for ranking vulnerability severity and helping determine the urgency and priority of response.
Plans to map to MITRE Framework
MITRE Hardware Design CWE special interest group (SIG):
https://cwe.mitre.org/data/definitions/1194.html
Forum for researchers and representatives from organizations operating in hardware design, manufacturing, and security to interact, share opinions and expertise, and leverage each other's experiences in supporting the continued growth and adoption of CWE as a common language for defining hardware security weaknesses
Contact Aaron G if interested in participating
MITRE ATT&CK Framework for ICS:
https://collaborate.mitre.org/attackics/index.php/Main_Page
ENISA Publishes Guidelines on Securing the IoT Supply Chain:
https://www.enisa.europa.eu/news/enisa-news/iot-security-enisa-publishes-guidelines-on-securing-the-iot-supply-chain
Documents:
IoT Framework and Guide v2 -
Current stage: Getting ready to publish. Currently working with a copy editor and graphic designer. Will move to publish after this step is complete.
Future Plans
Will need to release a mapping to CCM v4 once it is published
IoT Framework Shared Responsibility Matrix
Safety specific controls
Indicators of compromise
IoT Framework to European Union Agency for Network and Information Security (ENISA) Baseline Security Recommendations for IoT Mapping
IoT Framework to National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) and 800-53 Mapping
IAM for IoT v2 - Briefing (see attached pdf)
Previously, the scope was too broad. Things to consider this time around:
What areas should we focus on?
What format (checklist, cheat sheet, etc.)?
What would be the quickest win?
------------------------------
Hillary Baron CCSK v4
Program Manager, Research
CSA
Seattle WA
------------------------------
Attachment(s)
Planning Session.pdf
174 KB
1 version