NSR.md contains four main sections with an alphabetical list of requirements. Can we split these requirements up into individual subsections so that the document can be automatically parsed for adoption into a GRC system?
The biggest impact of this change is that we need to define a title for each requirement.
Now:
# 1. GENERAL PROTECTIONS FOR THE NETWORK AND SUPPORTING SYSTEMS
Each CA or Delegated Third Party SHALL:
a. Segment Certificate Systems into networks based on their functional or logical relationship, for example separate physical networks or VLANs;
b. Apply equivalent security controls to all systems co-located in the same network with a Certificate System;
Proposed:
# 1. GENERAL PROTECTIONS FOR THE NETWORK AND SUPPORTING SYSTEMS
Each CA or Delegated Third Party SHALL:
## 1.a. Network Segments
Segment Certificate Systems into networks based on their functional or logical relationship, for example separate physical networks or VLANs;
## 1.b. Security Controls
Apply equivalent security controls to all systems co-located in the same network with a Certificate System;
(I'm using ## 1.a instead of ## 1.1 to keep existing references to these sections)
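A sketch of the parsing this proposal is meant to enable, added here as an example (it is not part of the issue or of the project's tooling). It reads both layouts quoted above into records with stable ids and shows that only the proposed layout supplies a title; the record fields and the function name `parse_requirements` are assumptions, not a GRC product's schema.

```python
import re

# Constructed samples: the "Now" and "Proposed" excerpts quoted in the issue.
HEAD = ("# 1. GENERAL PROTECTIONS FOR THE NETWORK AND SUPPORTING SYSTEMS\n"
        "Each CA or Delegated Third Party SHALL:\n")
REQ_A = ("Segment Certificate Systems into networks based on their functional "
         "or logical relationship, for example separate physical networks or VLANs;")
REQ_B = ("Apply equivalent security controls to all systems co-located in the "
         "same network with a Certificate System;")
NOW = HEAD + f"a. {REQ_A}\nb. {REQ_B}\n"
PROPOSED = HEAD + (f"## 1.a. Network Segments\n{REQ_A}\n"
                   f"## 1.b. Security Controls\n{REQ_B}\n")

SECTION = re.compile(r"^# (\d+)\. (.+)$")               # "# 1. GENERAL ..."
SUBSECTION = re.compile(r"^## (\d+)\.([a-z])\. (.+)$")  # "## 1.a. Network Segments"
LIST_ITEM = re.compile(r"^([a-z])\. (.+)$")             # "a. Segment ..."


def parse_requirements(markdown):
    """Return one record per requirement, from either layout."""
    records, section, preamble, current = [], None, [], None
    for line in (raw.strip() for raw in markdown.splitlines()):
        if not line:
            continue
        if m := SECTION.match(line):
            section, preamble, current = (m[1], m[2]), [], None
            continue
        sub = SUBSECTION.match(line)
        # A lettered line starts a requirement only in the untitled layout;
        # under a "##" heading it is body text (for example a sub-item).
        titled = current is not None and current["title"] is not None
        item = None if titled else LIST_ITEM.match(line)
        if section and sub:
            req_id, title, text = f"{sub[1]}.{sub[2]}", sub[3], ""
        elif section and item:
            req_id, title, text = f"{section[0]}.{item[1]}", None, item[2]
        elif current is None:
            preamble.append(line)  # lead-in such as "Each CA ... SHALL:"
            continue
        else:
            current["text"] = f"{current['text']} {line}".strip()
            continue
        current = {"id": req_id, "section": section[1], "title": title,
                   "preamble": " ".join(preamble), "text": text}
        records.append(current)
    return records
```

Both layouts yield the same ids (`1.a`, `1.b`) and requirement text, so existing references keep resolving; the `title` field is `None` for the current layout.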
A little of the document structure was touched on in 3df1fbc0d0ea14f8163d6fed6c64b1dc90dfee77, although the revamp to full sections was not explored.
I'm not sure, however, how to interpret or generalize the requirements for a GRC system (presumably, governance, risk, and compliance?), and how section titles meaningfully improve that. However, it's something the NetSec subcommittee can continue to look at.