Date: Tuesday, November 14, 2023
Meeting Attendees: Nuno F, John Jiang, Pius N
Topics discussed:
- End-goal deliverables:
· Discussion was centered on the vision of the final materials and product of the sub-working group, based on the questions raised during the QSS meeting (Nov 7).
· The group settled on two documents as the final product –
o (Already created - WIP) - a spreadsheet listing controls matrix based on CSA-CCM, similar to what the IoT working group created (IoT Security Controls)
o (To be created) - a Word document supplementary or guideline to the control matrix. Care to be taken in nomenclature and be vendor or sector agnostic
2. A review of workstream (IoT): work analyzed the published IoT control matrix given that we plan to use as a working model.
Observations on the IoT Controls Matrix:
o additional domains and subdomain were defined to incorporate new class-specific controls;
o new IoT domains map to CCM domains;
o quite comprehensive and offers additional materials and references for identified and applicability of controls.
3. Next steps: Plan / continue to leverage the CCM (control matrix) as discussed in #1, above.
Ask to the subgroup team/volunteers:
1. Clean-up and update all necessary fields/columns within the control matrix (Nuno)
2. For each flagged QSS candidate control, please assign your name to controls of interest. Special thanks go to Guncha, Craig, for putting your names against the some of the proposed controls.
3. For each relevant control, populate ALL applicable fields within the control matrix e.g. brief explanation on control applicability, impact (confidentiality, integrity availability) etc.
After about an 1hr 5 min, the meeting adjourned.
Next subgroup meeting: Nov 28
------------------------------
Pius Ndebele
Principal Consultant
Aetas Capitus Inc
------------------------------