“other necessary data” is not clear from the context of event information section

[jlepp-BLACKBERRY]

Technical > Cybersecurity Event Awareness > Access to Event Information - the line “information about the IoT device’s cybersecurity state and other necessary data (e.g., trustworthy time).” is vague and would be difficult for the IoT device manufacturer to build a device to.

Clarification of “other necessary data” would be helpful. The definition of “cybersecurity state” in NIST IR 8259A does not provide sufficient context to ascertain what “other necessary data” is. We request further references or more examples.

[kevingbrady]

"Thank you for your comments. They've been reviewed and have been useful to our technical team. You will soon see the updated versions of these catalogs on the new GitHub page: IoT Device Cybersecurity Requirements Catalog."