IP Sprint: Explore OSCAL tooling

cloud-gov / product

Program-level artifacts, workflow and issues for cloud.gov

Creative Commons Zero v1.0 Universal

29 stars 15 forks source link

IP Sprint: Explore OSCAL tooling #2816

Closed pburkholder closed 6 months ago

pburkholder commented 7 months ago

In order to adopt a compliance workflow that can leverage more automation and validation, we should explore using some of the open-source OSCAL tooling.

Acceptance Criteria

[ ] A public report on what we learned (a comment below should suffice).

Security considerations

Low/Safe: OSCAL is mandated. We should ponder CUI when committing any SSP-related content.

Implementation sketch

[ ]: Explore OSCAL-Pydantic as a way to model SSP or other compliance documentation

pburkholder commented 7 months ago

2023-12-15

Yesterday I met with Robert Sherwood of Credentive to discuss the OSCAL-Pydantic project. My work on OSCAL-Pydantic I'm going to document in the Wiki of my fork of the project.