cabforum / netsec

Repository for the CA/Browser Forum Network Security Chartered Working Group

Clarify scope between physical and logical access #31

Closed dja852 closed 4 months ago

dja852 commented 6 months ago

@clintwilson

In the following requirements, it is unclear whether the intent is for logical access, physical access, or both. I would recommend explicitly clarifying this for each requirement so there is no confusion.

https://github.com/cabforum/netsec/blob/a256f31ac277204a348106b6bfb511147baa23c6/docs/NSR.md?plain=1#L286-L315

https://github.com/cabforum/netsec/blob/a256f31ac277204a348106b6bfb511147baa23c6/docs/NSR.md?plain=1#L325-L330

clintwilson commented 6 months ago

In 2.2.1.3, I used "all access"; do you think updating 2.2.1 and 2.2.3 likewise would address the concern (i.e. adding "all" in front of "access")?

dja852 commented 6 months ago

I would do that, but I can also see arguments (and have heard arguments) that 'all access' may not include physical. If the intent is for physical to be included, then I would be as explicit as you can.

One suggestion would be between these lines: https://github.com/cabforum/netsec/blob/a256f31ac277204a348106b6bfb511147baa23c6/docs/NSR.md?plain=1#L267-L269 you could add a clarification of something like: "Within this section 2, references to 'access' include all physical and logical access mechanisms unless otherwise specified."

clintwilson commented 4 months ago

Addressed in #33