26 results found

1. Add NIST SP800-53 R5 as a new/updated Authoritative Source
   1 vote

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   Planned  ·  0 comments  ·  Included authoritative sources  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

2. Add Brazil's Lei Geral de Proteção de Dados (LGPD) as a new Authoritative Source
   0 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Included authoritative sources  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

3. Add Malaysia Personal Data Protection Act as a new Authoritative Source
   0 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Included authoritative sources  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

4. Add Hong Kong’s Personal Data Privacy Ordinance as a new Authoritative Source
   0 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   0 comments  ·  Included authoritative sources  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

5. in v10: No requirements should dictate scope

   In the requirement, "Risk designations are assigned for all positions in the organization", a scope of the whole organization is forced through the wording. In v10, no requirements should dictate scope in and of themselves and should instead be written in such a way that they can be tested to the assessment's scope.

   4 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   Planned  ·  0 comments  ·  Increased Customization  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

6. An easy way to determine exact number of CSF elements in the policy illustrative procedure

   Assessors and assessed entities could benefit from something communicating the exact number of CSF implementation specifications present in the policy illustrative procedures. This could be through something like a number that precedes the policy illustrative procedure or even consistent use of roman numerals in the policy illustrative procedure. This would help everyone involved in preparing for, performing, and reviewing assessments ensure they are working with a generally understood denominator for scoring calculations.

   For example:
   Instead of saying "Inspect written policies to determine that they contain X, Y, and Z.", the policy illustrative procedure could display as,
   "Inspect written policies to determine that they contain (i) X, (ii) Y, and (iii) Z"
   or even
   "{3} Inspect written policies to determine that they contain X, Y, and Z."

   Assessors and assessed entities could benefit from something communicating the exact number of CSF implementation specifications present in the policy illustrative procedures. This could be through something like a number that precedes the policy illustrative procedure or even consistent use of roman numerals in the policy illustrative procedure. This would help everyone involved in preparing for, performing, and reviewing assessments ensure they are working with a generally understood denominator for scoring calculations.

   For example:
   Instead of saying "Inspect written policies to determine that they contain X, Y, and Z.", the policy illustrative procedure could display as,
   "Inspect written policies to… more

   14 votes

   Vote Vote Vote

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close

   Vote

   We’ll send you updates on this idea

   Planned  ·  4 comments  ·  Clarity  ·  Delete…  ·  Admin →
   How important is this to you?

   Not at all You must login first! Important You must login first! Critical You must login first!

   We're glad you're here

   Please sign in to leave feedback

   Signed in as (Sign out)

   Close

   Close