OASIS MQTT Security Subcommittee

Comment Resolution Log

This document provides a summary log for all comments received by the MQTT Security Subcommittee during 'public review' periods. It captures the date, original comment email source, the name of the originator, a summary of the comment and the SC action(s) taken in response.

Comments received during MQTT Security Subcommittee Committee Node Public Review Draft (CNPRD) 01 public review period (April 22nd 2014 – May 21st 2014)

Note: updated 5th June to capture detail on resolution of each TAB issue.

Date / Comment email link / Originator / Summary / TC action
Apr 21st 2014 / / Tim Kellogg / Clarify Energy Provider Cybersecurity Program Subsection / Accepted by SC and resolved under JIRA issue MQTT 218 >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: term “described below” is vague. / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Section 1.1 has no content / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Section 1.1 has no content: imprecise link to Council on CyberSecurity (CCS) / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Change introduction of Section 1.2 to “Useful background reading resources include:" / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: add reference to NIST Cybersecurity Framework. Restructure to align more closely with the NIST Cybersecurity framework / Reference added. However The SC chose not to progress suggestions in TAB-1008 (MQTT-223) and sections more closely to the NIST Cybersecurity framework. The SC felt the current format promoted a degree of flexibility. Resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: add reference to MQTT. / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: improve readability by enumerating components of the framework. / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Fix links to ANSI/ISA-62443-2-1 (99.02.01)-2009 and
ANSI/ISA-62443-3-3 (99.03.03)-2013 / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Fix link to Control Objectives for Information and Related Technology (COBIT) / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: add links to specs referenced in section 1.4.2 / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: add hyperlink to support internal reference to “Section 2” / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: fully qualify reference to ISO/IEC 27001:2013 / Accepted by SC and resolved under Jira issue
Changes made in >
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Remove sentence starting “Because the MQTT cybersecurity Framework is smaller in scope” / No editorial change made, resolved under Jira issue
May 21st 2014 / / Patrick Durusau / OASIS Technical Architecture Board (TAB) review of CNPRD01: Hanging paragraph under Section 1.3 / Accepted by SC and resolved under Jira issue
Changes made in >