Colleagues,

Following on from the F2F discussions in London, where a report on the Network Security activity was sought, I’m attaching our final report.

The TL;DR is essentially:

* We recognise that the NCSSRs are a bit outdated and don’t call out salient security features of today’s working environments
* We looked at CIS and ISO27K as starting points to replace the NCSSRs but decided against such an approach
* We don’t think that just dumping the NCSSRs and going forward with nothing is a good idea at all
* We think that incremental changes to the NCSSRs, using a risk-assessment methodology, probably represents the best way of bringing the requirements up to date in a way which forum members will be likely to find acceptable.

(Fellow NetSec members: if I’ve spoken out of turn in the above, feel free to correct me on-list)

Hope the document is useful in representing where our thoughts are. All feedback, commentary and general observations are most welcome.

Best regards,
Neil
NetSec-Report.pdf
Description: Adobe PDF document
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
