Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

measurement frequency and sampling period are not defined in the published catalog (see section 3.2) #88

Open
pritikin opened this issue Mar 13, 2024 · 0 comments
Open

measurement frequency and sampling period are not defined in the published catalog (see section 3.2) #88

pritikin opened this issue Mar 13, 2024 · 0 comments

Comments

@pritikin
Copy link
Collaborator

team discussion 3/13

A stab was taken as part implementation guidance (see currently published catalog). But also in the primary data yaml file.

An organization will have a level of risk appetite. The exact values here might depend on that level of risk.

If there is transparency on the risk appetite, e.g. their choice of frequency and sampling period, then the catalog can have sufficient value. So if we decide to let this be set by the org then we're also agreeing that these "organizationally defined parameters" will be reported along with the metrics.

So our activity is to define some recommendation for these values given a "average" risk appetite. We'll insert that into the yaml but we are not yet committing to publishing that as part of the catalog.

The next update to the catalog must be clearer on this (such as reporting of these values) even if we don't yet expose these recommendations. This is a big update to section 3.2.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pritikin