-
NIST is developing the [Open Security Controls Assessment Language](https://csrc.nist.gov/Projects/Open-Security-Controls-Assessment-Language) (OSCAL), a set of hierarchical, XML-, JSON-, and YAML-bas…
-
ENISA has published a Guideline on State of the art for Technical and Organisational measures. Georg/Signatu have proposed these be integrated into DPV's TOMs concepts - see [email with attached docum…
-
## Question
How can I correlate the 5 cybersecurity functions https://www.nist.gov/cyberframework/online-learning/five-functions to D3FEND entities?
For example:
nist:Detect iso:related d3f:D…
-
As a compliance auditor, I can see a framework in a human-readable format.
Required Resources:
- A framework in a machine-readable OSCAL format (e.g., NIST CSF, PCI DSS)
Goals:
1. Create the …
-
After we get our first cut done, I would like to see if we could add support in the treemap to also support the CIS control mappings as well.
Our cis profiles will need some tag standardization bu…
-
### User Story
As a developer of Metaschema-based OSCAL tooling, in order to more effectively manage custom constraints and NIST-maintained constraints in an easy-to-combine way, I would like the constr…
-
### User Story
As an OSCAL community member, in order to better understand where my work and effort stand in the community, I want to know what kinds of people in the security industry (or in tech, a…
-
As a compliance auditor, I can customize a framework by choosing which parts of the framework are included, modifying the framework, and extending the framework.
Required Resources:
- A framework …
-
Microsoft Secure Score Improvement Actions points to this repository to download EnableMailboxAuditing.ps1, but the file appears to be missing?
>Category: Data
>User impact: Low
>Protects against: …
-
### Describe the bug
The use of `@class` is under-defined in the OSCAL syntax leading to inconsistent or ambiguous usage in actual content.
When analyzing the current use cases of `@class` in NI…