This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
SOC-CMM v2.2 (beta release)
#2
Change notes (as compared to version 2.1):

Business domain:
- Governance:
  - question 4.10 added (external SOC cooperation)
- Privacy & Policy:
  - questions 5.1, 5.2 and 5.3 added (security policy)
  - question 5.4: additional NIST mapping applied

People domain:
- Employees:
  - questions 1.9 and 1.10 added (KSAOs)
- People Management:
  - questions 3.5 and 3.6 added, renumbering applied (team goals and tracking of goals)
  - questions 3.13 and 3.14 added (multi-team systems and team performance)
- Knowledge management:
  - question 4.4.1 added, renumbering applied (employee abilities)

Process domain:
- Operations and facilities:
  - question 2.1.6 added (OPSEC program)
  - questions 2.3.2, 2.3.5, 2.3.9 added, renumbering applied (war room, physical storage, remote working)
  - question 2.4.2 added, renumbering applied (viligance)
- Reporting:
  - question 3.8.6 added (proactive & reactive metrics)
  - questions 3.10.1 and 3.10.2 added (education & awareness)
- Use case management:
  - question 4.1.9 (testing use cases) moved to detection engineering, renumbering applied
  - section 4.2 added (Mitre ATT&CK)
  - section 4.3 added (visbility)
- Detection Engineering & Validation:
  - completely new section

Technology domain:
- Maintenance and support removed from capabilities, and moved to maturity (section x.4), renumbering applied. Applies to all technologies

Services domain:
- Threat Intelligence
  - question 4.14.25 added, renumbering applied (threat landscaping)
  - question 4.14.31 added (CTI infrastructure management)

Backend improvements:
- calculations improved and simplified
- Index updated from percentage completed to remaining questions
- generic guidance applied for all capabilities (technology & services domain)
- guidance added for new questions

Bug fixes & typos:
- Typos fixed where found
- conditional formatting error fixed

License updated:
- CC BY-SA instead of GPLv3
Reply


Messages In This Thread
SOC-CMM v2.2 (beta release) - by robvanos - 10-01-2021, 01:01 PM
RE: SOC-CMM v2.2 (beta release) - by robvanos - 10-12-2021, 08:36 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)