Supporting this initiative will help secure information system infrastructures by reducing multiple understandings or "opinion" based interpretations on control intent. When someone is asked to "secure their home", and they put in a sign that says "keep out"; the intent of the request is missed. A compliance framework should follow the recommended criteria that are being called into action. The "intent" of compliance frameworks is to ensure that overall risk is reduced to an acceptable level and data is protected. It is not intended to overburden security professionals with endless debates on interpretations. I fully support this initiative and echo the call for all frameworks to come together in harmony.
TJ Crews
- Signed:
- January 28, 2021