4 results found
-
6.1.12- "R2 Assessments Only?"
The Assessed Entity must select whether they will be including all CSF security controls within the assessment or only those required for certification, along with whether Privacy controls should be included in the Assessment. – Does this need to read, “for r2 assessments only.”
1 vote -
1 vote
-
Additions to section 6 pt2
Addition to Organization/Company Background section Pg.28: We recommend that clients avoid using we, us, our, etc. If agreed this can be added to 6.1.15 and 6.1.17
Addition to Primary Mailing Address section Pg.29: In reference to the first bullet point "Platforms/Systems: The Platforms/Systems table should contain all platforms/systems contained within the scope of the assessment. " It would be nice to have an appendix added for each of these webforms would be helpful for the clients to get an idea of how much detail to share.
1 vote -
Additions to section 6
- Pre-Assessment, pg.27 - there is an extra word, "of": "The following section outlines the six webforms of that comprise the pre-assessment.."
- Pg.27 6.1.10 - the link is missing: "The Assessed Entity must select the CSF version to be used during the assessment. For additional information on the various versions of the CSF, see <insert link>."
1 vote