From 5e38b91427bd8f8d250f6b775bcc0706c576ff33 Mon Sep 17 00:00:00 2001
From: Roman <romanf@trash.net>
Date: Mon, 29 Dec 2025 14:51:10 +0100
Subject: [PATCH] Update NIST reference from Revision 3 to Revision 4

---
 docs/NSR.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/NSR.md b/docs/NSR.md
index f4e9f23..a163fb9 100644
--- a/docs/NSR.md
+++ b/docs/NSR.md
@@ -347,7 +347,7 @@ The CA MUST enforce the use of Multi-Party Control for physical access to any Ro
 
 ##### 2.2.5
 
-The CA SHOULD ensure passwords used as authentication credentials for accounts on CA Infrastructure, Network Boundary Controls, or Workstations are generated and managed in accordance with NIST 800-63B Revision 3 Appendix A. Access to shared credentials MUST:
+The CA SHOULD ensure passwords used as authentication credentials for accounts on CA Infrastructure, Network Boundary Controls, or Workstations are generated and managed in accordance with [https://csrc.nist.gov/pubs/sp/800/63/B/4/final](NIST 800-63B Revision 4 Appendix A). Access to shared credentials MUST:
 
 * be limited to personnel based on the Principle of Least Privilege; and
 * comply with section 2.2.1.2.