4 results found
-
in v10: No requirements should dictate scope
In the requirement, "Risk designations are assigned for all positions in the organization", a scope of the whole organization is forced through the wording. In v10, no requirements should dictate scope in and of themselves and should instead be written in such a way that they can be tested to the assessment's scope.
4 votes -
Make all 44 authoritative sources into optional (selectable) regulatory factors
When setting up a new assessment, only a subset of the 44 authoritative sources in the CSF today are selectable / optional regulatory factors. Instead, 44 authoritative sources should be made into optional (selectable) regulatory factors.
2 votes -
2 votes
-
2 votes
- Don't see your idea?