In order to adopt a compliance workflow that can leverage more automation and validation, we should explore using some of the open-source OSCAL tooling.
Acceptance Criteria
[ ] A public report on what we learned (a comment below should suffice).
Security considerations
Low/Safe: OSCAL is mandated. We should ponder CUI when committing any SSP-related content.
Implementation sketch
[ ] Explore OSCAL-Pydantic as a way to model SSP or other compliance documentation
Yesterday I met with Robert Sherwood of Credentive to discuss the OSCAL-Pydantic project. My work on OSCAL-Pydantic I'm going to document in the Wiki of my fork of the project.