What to do with new or extended content that is beyond the scope of the baseline? #6
Description
This question is in contrast to "updating the baseline": What about "beyond the baseline"?
What would be the best way to publish additional content or submissions that aren't quite in line with the scope of the original C2 baseline?
"Adding a capability to the baseline" is not the intent here. Instead, what do we do with usage guidelines, levels/categories/sectors and discussions of same, or application-specific considerations (e.g.: P2P networking security; data access and storage security for specific device categories like smart speakers; new DNS standards relative to DoH/DoT)? White paper? New Annexes? A new top-level document?