10-12-2021, 08:36 AM
Change notes (as compared to version 2.1):
Business domain:
- Governance:
- question 4.10 added (external SOC cooperation)
- Privacy & Policy:
- questions 5.1, 5.2 and 5.3 added (security policy)
- question 5.4: additional NIST mapping applied
People domain:
- Employees:
- questions 1.9 and 1.10 added (KSAOs)
- People Management:
- questions 3.5 and 3.6 added, renumbering applied (team goals and tracking of goals)
- questions 3.13 and 3.14 added (multi-team systems and team performance)
- Knowledge management:
- question 4.4.1 added, renumbering applied (employee abilities)
Process domain:
- Operations and facilities:
- question 2.1.6 added (OPSEC program)
- questions 2.3.2, 2.3.5, 2.3.9 added, renumbering applied (war room, physical storage, remote working)
- question 2.4.2 added, renumbering applied (viligance)
- Reporting:
- question 3.8.6 added (proactive & reactive metrics)
- questions 3.10.1 and 3.10.2 added (education & awareness)
- Use case management:
- question 4.1.9 (testing use cases) moved to detection engineering, renumbering applied
- section 4.2 added (Mitre ATT&CK)
- section 4.3 added (visbility)
- Detection Engineering & Validation:
- completely new section
Technology domain:
- Maintenance and support removed from capabilities, and moved to maturity (section x.4), renumbering applied. Applies to all technologies
Services domain:
- Threat Intelligence
- question 4.14.25 added, renumbering applied (threat landscaping)
- question 4.14.31 added (CTI infrastructure management)
Backend improvements:
- calculations improved and simplified
- Index updated from percentage completed to remaining questions
- generic guidance applied for all capabilities (technology & services domain)
- guidance added for new questions
Bug fixes & typos:
- Typos fixed where found
- conditional formatting error fixed
License updated:
- CC BY-SA instead of GPLv3
Business domain:
- Governance:
- question 4.10 added (external SOC cooperation)
- Privacy & Policy:
- questions 5.1, 5.2 and 5.3 added (security policy)
- question 5.4: additional NIST mapping applied
People domain:
- Employees:
- questions 1.9 and 1.10 added (KSAOs)
- People Management:
- questions 3.5 and 3.6 added, renumbering applied (team goals and tracking of goals)
- questions 3.13 and 3.14 added (multi-team systems and team performance)
- Knowledge management:
- question 4.4.1 added, renumbering applied (employee abilities)
Process domain:
- Operations and facilities:
- question 2.1.6 added (OPSEC program)
- questions 2.3.2, 2.3.5, 2.3.9 added, renumbering applied (war room, physical storage, remote working)
- question 2.4.2 added, renumbering applied (viligance)
- Reporting:
- question 3.8.6 added (proactive & reactive metrics)
- questions 3.10.1 and 3.10.2 added (education & awareness)
- Use case management:
- question 4.1.9 (testing use cases) moved to detection engineering, renumbering applied
- section 4.2 added (Mitre ATT&CK)
- section 4.3 added (visbility)
- Detection Engineering & Validation:
- completely new section
Technology domain:
- Maintenance and support removed from capabilities, and moved to maturity (section x.4), renumbering applied. Applies to all technologies
Services domain:
- Threat Intelligence
- question 4.14.25 added, renumbering applied (threat landscaping)
- question 4.14.31 added (CTI infrastructure management)
Backend improvements:
- calculations improved and simplified
- Index updated from percentage completed to remaining questions
- generic guidance applied for all capabilities (technology & services domain)
- guidance added for new questions
Bug fixes & typos:
- Typos fixed where found
- conditional formatting error fixed
License updated:
- CC BY-SA instead of GPLv3