-
Notifications
You must be signed in to change notification settings - Fork 12
Closed
Labels
Description
NIST SP800-63Crev4 describes security controls in section 3.10 (see #71). These are American security control frameworks that are not applicable to all enterprises worldwide.
chair hat off
I recommend the WG writes guidance that implementers SHOULD implement a security controls program such as 800-53 or FEDRAMP, but not be prescriptive about the specific control program. Allowing implementers choices that are relevant to their locale or industry will lead to better adoption.
chair hat on