Impact: Describe the customer impact of the problem. Who will this help? How will it help them?
Who: this will help CISOs and AOs and analysts who need to adhere to NIST 800-171/2 for fun and learning (and regulatory or contractual requirements).
How: OSCAL is the emerging standard created by NIST for expressing machine-readable control requirements for security, processes, documentation requirements, privacy, assessments, and risks - and much more - currently being adopted by governments, non-profits, and enterprises. As it becomes both more adopted - and in some government procurement processes eventually required - it benefits the open source community to support OSCAL for end users who want to use it for their tech stacks using CNCF projects and tools.
Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals. Feel free to include proposed tasks below or link a Google doc
Not yet determined, but NIST is already leading the effort and has scaffolded the deliverables of a first OSCAL catalog for 171. So we can use this as a launching point.
Intent to lead:
[X] I volunteer to be a project lead on this proposal if the community is interested in pursuing this work. This statement of intent does not preclude others from co-leading or becoming lead in my stead.
Proposal to Project:
[ ] Added to the planned meeting template for mm dd
[X] Raised in a Compliance WG meeting to determine interest - 10/22/2024 (and briefed the STAG on the WG activity on 10/23)
[ ] Collaborators comment on issue to determine interest and nominate project lead
[ ] Scope determined via meeting mm dd and/or shared document add link with call for participation in #tag-security slack channel thread add link and mailing list email add link
[ ] Scope presented to and voted on in the Compliance WG meeting
TO DO
[X] Project leader(s): @rficcaglia
[ ] Issue is assigned to project leaders
[ ] Project Members:
[ ] Fill in additional TODO items here so the project team and community can see progress!
[ ] Scope
[ ] Deliverable(s)
[ ] Project Schedule
[ ] Slack Channel (as needed)
[ ] Meeting Time & Day:
[ ] Meeting Notes (link)
[ ] Meeting Details (zoom or hangouts link)
[ ] Retrospective
@ancatri