Cybersecurity requirements for telematics systems developed in collaboration with motor freight carriers, telematics service providers and cybersecurity experts.
correct syntax variations in quoted text for CTIA ICCTP references #30
Some references to CTIA ICCTP quote text that is not present in the referenced documents. As mentioned in issue #29, the current CTIA ICCTP references don’t seem to correlate with the reference on GitHub, mainly because some sections referred to in the matrix were non-existent in the current document. This is why issue #29 proposes two possibilities of alternative CTIA documents that do contain the referenced sections.
However, some text quoted from the sections in the matrix does not appear in either of the two proposed documents. Requirements AC-020, CM-010 and SII-080 all have a reference to CTIA ICCTP, more specifically to the 5.17 Design-In Features section, as seen below:
AC-020: CTIA ICCTP 5.17 Design-In Features “designed to separate critical functions from non”
CM-010: CTIA ICCTP 5.17 Design-In Features “deny all inbound and outbound network connections by default”
SII-080: CTIA ICCTP 5.17 Design-In Features “Fail Secure”
While the section in question is present in both the proposed documents from issue #29, the first two pieces of quoted text that follow each reference are not exactly present in either of them. In reality, some very similar text appears in both proposed documents, but with different wording than the quoted text in the matrix. Additionally, “fail secure” doesn’t provide much context for the reference.
Below are some similar alternatives to each of them that are present in both of the proposed documents (in section 5.17):
“designed to separate critical functions from non” could be replaced with “designed to isolate critical functions from less critical functions”
“deny all inbound and outbound network connections by default” could be replaced with “designed to deny all inbound and outbound network communications, except for those that are essential for the device to operate properly”
“Fail Secure” could be replaced with “device was designed to fail secure” OR “When failure is detected, the device goes to a secure state”