Ryan Armstrong
Ryan Armstrong
If few people look at the text, I don't see a need to target any specific length, long or short. It is easy enough to skip. IMO the necessary information...
@cmlh Related discussion: #2101
@tghosth Do you mean for 1.3 items to reference requirements in V3 or for there to be something like an in-order alignment between 1.3 and V3 sections?
Yes, but my question is: what form should complementary requirements take? This is of course related to V3.6.
@tghosth We did not come to a precise conclusion following further discussion, but this is a reformulated attempt to meet 3.6.1 needs. Proposal: | # | Description | L1 |...
@tghosth please consider the following in conjunction with #1190: | # | Description | L1 | L2 | L3 | | :--------: | :----- | :-: | :-: | :-:...
@tghosth Agreed, try this: | L1 | L2 | L3 | | :--------: | :----- | :-: | :-: | :-: | | **1.3.3** | Verify that all systems that...
@tghosth please see #2336
Revision 4 is not yet finalized (they are not in line with the projected timelines), but based on the current version ([2nd public draft](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63B-4.2pd.pdf)), the following changes impact V3 timeouts:...
For V1, I opened #2076. For session timeout requirements, my question is this: should the ASVS wait for the final version of the SP 800-63B revision 4?