Change notes (as compared to version 2.2): - conditional formatting errors fixed - scrolling error fixed for sheets that did not allow scrolling with the scroll wheel - Fixed 'questions remaining' showing for questions set to importance 'none' - Fixed calculation error for section Reporting/Communication Change notes (as compared to version 2.1): Business domain: - Governance: - question 4.10 added (external SOC cooperation) - Privacy & Policy: - questions 5.1, 5.2 and 5.3 added (security policy) - question 5.4: additional NIST mapping applied People domain: - Employees: - questions 1.9 and 1.10 added (KSAOs) - People Management: - questions 3.5 and 3.6 added, renumbering applied (team goals and tracking of goals) - questions 3.13 and 3.14 added (multi-team systems and team performance) - Knowledge management: - question 4.4.1 added, renumbering applied (employee abilities) Process domain: - Operations and facilities: - question 2.1.6 added (OPSEC program) - questions 2.3.2, 2.3.5, 2.3.9 added, renumbering applied (war room, physical storage, remote working) - question 2.4.2 added, renumbering applied (viligance) - Reporting: (changed to reporting & communication) - question 3.8.6 added (proactive & reactive metrics) - questions 3.10.1 and 3.10.2 added (education & awareness) - question 3.11 added (communication) - Use case management: - question 4.1.9 (testing use cases) moved to detection engineering, renumbering applied - section 4.2 added (Mitre ATT&CK) - section 4.3 added (visbility) - Detection Engineering & Validation: - completely new section Technology domain: - Maintenance and support removed from capabilities, and moved to maturity (section x.4), renumbering applied. Applies to all technologies Services domain: - All services now include a question about onboarding procedure for that service - Threat Intelligence - question 4.14.25 added, renumbering applied (threat landscaping) - question 4.14.31 added (CTI infrastructure management) Backend improvements: - calculations improved and simplified - Index updated from percentage completed to remaining questions - generic guidance applied for all capabilities (technology & services domain) - guidance added for new questions Bug fixes & typos: - Typos fixed where found - conditional formatting error fixed License updated: - CC BY-SA instead of GPLv3