Closed JJediny closed 4 years ago
@JJediny I was also thinking the other day and came up with a couple of ideas related to this:
I would like to take typical CIO policy, acquisition policy, etc., and bump it against the NIST 800-53 control set to determine if there is any policy that is written that unknowingly helps satisfy any controls. I think this also relates to #152.
Look into augmented writing for SSPs. I came across textio.com the other day and thought that is more in line with what we're trying to get at, and I agree with the comment that there is a risk of people just copying boilerplate when presented with examples, so I would like to avoid that as much as possible.
Great example from today's discussion: https://gsa-tts.slack.com/archives/CG8SNAEQM/p1582733874030300?thread_ts=1582726571.023700&cid=CG8SNAEQM
Closing based on the decision made on 4/21/20 to close anything that wasn't a Major current Initiative or Notable mention from the Tech Portfolio Sprint Planning of 2020-04-20. Intent was radiated in Slack, and this is open for discussion on reopening.
Very interesting concept.
User Story
As a new/existing/future TTS System Owner, I want to have examples of language for security controls, I want to know what is common vs. what is unique, and most importantly I want to have a sample/example to work from.
Furthermore, as the Tech Portfolio, I want to know which controls are common, which are of shared responsibility (and how they are similar), and which can be applied TTS-wide as an abstraction.
Background
@afeld produced a great working example of taking a corpus of SSPs and parsing the controls into an NLP framework - https://github.com/uscensusbureau/fismatic. Little investment is needed to leverage this past work for newly accessible TTS SSPs.
Acceptance
- Analysis
- Python notebook to analyze comparative text for the same controls in more depth.
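A sketch of what that comparative analysis could look like, added here as an example and not taken from fismatic or from any TTS SSP. It assumes the corpus has already been parsed into a mapping of control ID to per-system narrative text (the step fismatic covers), uses a plain token-set Jaccard similarity as a stand-in for a richer NLP model, and works on constructed sample narratives. For each control it reports the terms every system shares, the terms only one system uses, pairs whose wording is identical (the copied-boilerplate pattern raised in the comments), and a common/unique label from the mean pairwise similarity.

```python
"""Compare how different systems' SSPs word the same NIST 800-53 control.

Added example for this issue, not code from fismatic or from TTS. The SSP
narratives below are constructed sample text, not real TTS SSP content.
"""
import re
from itertools import combinations
from statistics import mean

# Minimal stoplist so shared function words do not inflate similarity.
STOPWORDS = {
    "the", "a", "an", "and", "or", "of", "to", "in", "for", "is", "are",
    "by", "on", "with", "all", "as", "be", "that", "this", "system",
}

# Constructed sample corpus: control id -> system name -> narrative.
# "alpha" and "beta" carry an identical AC-2 narrative on purpose, which is
# the copied-boilerplate pattern the analysis should surface.
SAMPLE_CORPUS = {
    "AC-2": {
        "alpha": "Accounts are provisioned through GitHub teams. Offboarding removes access within 24 hours.",
        "beta": "Accounts are provisioned through GitHub teams. Offboarding removes access within 24 hours.",
        "gamma": "Accounts are created by the ISSO in IAM after approval and reviewed quarterly.",
    },
    "AT-2": {
        "alpha": "All staff complete annual security awareness training tracked in the LMS.",
        "beta": "All staff complete annual security awareness training tracked in the LMS.",
        "gamma": "All staff complete annual security awareness training tracked in the LMS and phishing exercises.",
    },
    "SC-7": {
        "alpha": "Ingress is limited to the load balancer security group on port 443.",
        "beta": "Inbound traffic terminates at the managed load balancer, which enforces the boundary.",
        "gamma": "Only the managed web application firewall accepts inbound traffic.",
    },
}


def tokenize(text):
    """Lowercase word tokens with punctuation and stopwords removed."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {w for w in words if w not in STOPWORDS}


def jaccard(a, b):
    """Set overlap: 1.0 means identical vocabulary, 0.0 means disjoint."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def _unique_terms(tokens):
    """Terms that appear in exactly one system's narrative."""
    unique = {}
    for system, toks in tokens.items():
        others = [t for s, t in tokens.items() if s != system]
        unique[system] = toks - set().union(*others)
    return unique


def compare_control(narratives, common_threshold=0.6):
    """Compare one control's narratives across systems.

    Returns pairwise similarity, shared and system-unique terms, pairs with
    identical wording, and a common/unique label for the control.
    """
    tokens = {s: tokenize(t) for s, t in narratives.items()}
    pairwise = {
        (x, y): round(jaccard(tokens[x], tokens[y]), 3)
        for x, y in combinations(sorted(tokens), 2)
    }
    shared = set.intersection(*tokens.values()) if tokens else set()
    copied = [pair for pair, score in pairwise.items() if score == 1.0]
    avg = mean(pairwise.values()) if pairwise else 1.0
    return {
        "pairwise": pairwise,
        "shared_terms": shared,
        "unique_terms": _unique_terms(tokens),
        "likely_copied": copied,
        "mean_similarity": round(avg, 3),
        "classification": "common" if avg >= common_threshold else "unique",
    }


def analyze_corpus(corpus):
    """Run compare_control over every control in the corpus."""
    return {cid: compare_control(narr) for cid, narr in corpus.items()}


if __name__ == "__main__":
    for cid, result in analyze_corpus(SAMPLE_CORPUS).items():
        print(f"{cid}: {result['classification']} "
              f"(mean similarity {result['mean_similarity']})")
        if result["likely_copied"]:
            print(f"  identical wording: {result['likely_copied']}")
        print(f"  shared terms: {sorted(result['shared_terms'])}")
```

Running it on the sample corpus labels AT-2 as common language, labels AC-2 as unique overall while still flagging the alpha/beta pair as identical, and shows SC-7 with no vocabulary shared by all three systems. The threshold and the similarity measure are the knobs a notebook would tune against the real SSP corpus.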