-
After we get our first cut done, I would like to see if we could add support in the treemap to also support the CIS control mappings as well.
Our cis profiles will need some tag standardization bu…
-
As a compliance auditor, I can customize a framework by choosing which parts of the framework are included, modifying the framework, and extending the framework.
Required Resources:
- A framework …
-
Microsoft Secure Score Improvement Actions points to this repository to download EnableMailboxAuditing.ps1, but the file appears to be missing?
>Category: Data
>User impact: Low
>Protects against: …
-
## Question
how can I correlate the 5 cybersecurity functions https://www.nist.gov/cyberframework/online-learning/five-functions to d3fend entities?
For example:
nist:Detect iso:related d3f:D…
-
### User Story
As an OSCAL community member, in order to better understand where my work and effort stand in the community, I want to know what kinds of people in the security industry (or in tech, a…
-
-
### ⚠️ Please verify that this feature request has NOT been suggested before.
- [X] I checked and didn't find similar feature request
### 🏷️ Feature Request Type
New Notification, New Monitor, Othe…
-
### Describe the bug
The use of `@class` is under-defined in the OSCAL syntax leading to inconsistent or ambiguous usage in actual content.
When analyzing the current uses cases of `@class` in NI…
-
Research and document in Architectural Decision Records (ADRs) ways of conserving UUIDs (root UUID and elements' UUIDs) unless there is a language change in the data.
-
### User Story
As a developer of Metaschema-based OSCAL tooling, in order to more effectively manage custom constraints and NIST-maintained constraints in easy-to-combine way, I would like the constr…