Closed BenWilson-Mozilla closed 3 months ago
Additionally, the NetSec requirements should be re-categorized into the following domains:
- PROGRAM MANAGEMENT (PM)
  - PM-1: CAs shall implement and maintain a Network and Systems Security Program.
  - ...
- PERSONNEL SECURITY (PS)
- ACCESS CONTROL (AC)
- NETWORK SECURITY (NS)
- OFFLINE SYSTEMS (OL) or AIR-GAPPED (AG)
- PHYSICAL AND ENVIRONMENTAL SECURITY (PE)
- CONFIGURATION MANAGEMENT (CM)
- MONITORING AND LOGGING (ML)
- VULNERABILITY MANAGEMENT (VM)
Here is an example - https://drive.google.com/file/d/1HPMVQ6mCkEwbCl2c5e-1FbHy4TPb0PwQ/view?usp=sharing
Added in #33
An example of high-level criteria accomplished by the individual sections of the NCSSRs might include: