Terminology change: differentiate security controls from security requirements #487
Comments
|
Would like to discuss this one further to understand what we are changing. |
|
@aaronlippold or @ejaronne can better explain this. |
|
|
|
I guess I would still call them controls vs. requirements. The requirement is part of the control at this point? Also I'm sure there is a lot of plumbing that refers to controls. |
|
The suggested update was for the UX only to deconflict the NIST control with the SRG 'requirement'. No backend changes just trying to clarify communication to the user. Let's put this PR as draft and we can talk about it as a team on our next sync call. |
|
Requirement, Item, control etc. what communicates the elments from the SRG best to the Vulcan end-user without them having to ask the 'is that the same as the NIST Control' or 'you know NIST has controls as well...' |
vanessuniq
added
ux
|
Saw this and thought i would post it as a further data point. I still feel once a component is created in vulcan those are controls at that point based on requirements. I don't think it should be confusing to understand that there are different frameworks involved that map to each other and that terminology and the context in which the terms are used matters.
|
|
Is this still on discussion? Should I move forward and replace the term or close this issue @rlakey @aaronlippold @ejaronne |
|
I thought we generally agreed but happy to double check |
|
We did not agree to this. |
Change the term 'control' in components to 'requirements' to deconflict the concept unit testing controls (using inspect) from the security controls from NIST
The text was updated successfully, but these errors were encountered: