cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

[Presentation] Trestle/OSCAL Presentation #850

Closed nadgowdas closed 1 year ago

nadgowdas commented 2 years ago

Title: Deep-dive on trestle and oscal mapping

Speakers: Who will be presenting this? List names/github IDs of presenters. @nadgowdas to reach out to trestle developers

Description: Describe in a short paragraph what the presentation is about.

Time: How long will the presentation take? (estimate) 40 mins

Availability: What is the availability times of the speakers to present the topic? Meeting times are listed on the landing page.

TO DO

vikas-agarwal76 commented 2 years ago

@nadgowdas requested me to give a presentation on OSCAL/Trestle. Due to timezone differences and the current meeting time, it would be around midnight my time. Hence, we decided to schedule this presentation later next month once the time difference is less (due to daylight saving time). Meanwhile, here are some references for the Trestle project that one can explore -

lumjjb commented 2 years ago

Hi @vikas-agarwal76 , thanks for coming in and giving a presentation!

How does 23rd Feb work for you?

Also, please acknowledge that you've read and agree to the presentation guidelines

vikas-agarwal76 commented 2 years ago

As discussed with @nadgowdas, the presentation will be scheduled sometime late March.

lumjjb commented 2 years ago

Ah okay - it's 31 Jan here still, so I thought that you were referring to Feb :). @nadgowdas I'll leave you to putting out a date then.

nadgowdas commented 2 years ago

Yes, it's only because of the time zone: Vikas is in the India time zone, and attending at 1PM ET would be too late for him. So I suggested he present in March once daylight saving time changes.

nadgowdas commented 2 years ago

@vikas-agarwal76 @lumjjb How about March 16th?

knowlengr commented 2 years ago

Hi Travis et al.,

Meet Brandon & the CNCF Security TAG: https://github.com/cncf/tag-security

We meet at 1p eastern Wednesdays, roughly weekly.

I am unavailable Feb 23 and March 2 (air travel), so for selfish reasons, I would hope for a later-in-March presentation.

FYI Elsewhere in this thread is scheduling chat for https://github.com/IBM/compliance-trestle.

Protocol:

Speakers: Who will be presenting this? List names/github IDs of presenters. @nadgowdas to reach out to trestle developers

Description: Describe in a short paragraph what the presentation is about.

Time: How long will the presentation take? (estimate) 40 mins

Availability: What is the availability times of the speakers to present the topic? Meeting times are listed on the landing page.

TAG Representative / Schedule date: By opening this issue, I, (Insert Github Handle/Name) acknowledge that the presentation topic and speaker will follow the presentation guidelines.

Related: (My suggestion: perhaps this should be a topic for a conference session? Multi-vendor affair? I just saw a presentation by Mandiant (I think the Intrigue product acquisition, but I'm not sure). It's not really a compliance tool exactly, but it's closely related with attack scripting designed to verify defenses against specific threats (an oversimplification). I see this as assurance- and compliance-related, but not everyone will.)

Cheers, Mark

Mark Underwood, knowlengr.com (http://www.knowlengr.com), @knowlengr (https://twitter.com/knowlengr), @darkviolin (https://twitter.com/darkviolin)

knowlengr commented 2 years ago

Pleasure to virtually meet you! We have a freemium compliance automation product that we have discussed with the Synchrony team over the last several months. We recently finished an ATARC open research project to show continuous automation using NIST OSCAL and the free version of RegScale. We were able to demonstrate ingesting an SSP with OSCAL, generating a SAP, executing a scan with a MITRE STIG, and then processing the STIG to generate a SAR using OSCAL as the underlying standard.

We also have an Enterprise Edition that is paid that adds integrations, security, and an automation CLI for continuous assessment and compliance. This may be out of bounds for discussion but making you aware.

Happy to discuss any and all of what we are doing that might be of interest to the community. If you can provide a focus area and some guidelines, we would be happy to present later in March when Mark is available.

J. Travis Howerton, Co-Founder and CTO, RegScale. Shift Left Compliance via our Regulatory Operations (RegOps) platform. Learn more at https://www.regscale.com


lumjjb commented 2 years ago

@nadgowdas @vikas-agarwal76 16 March seems fine. How early would you be able to make it? How about 2 hours earlier? Does that work?

lumjjb commented 2 years ago

Thanks @knowlengr for the introduction! I think that we'll start with the presentation from @vikas-agarwal76 and see where we are..

However, maybe it would be beneficial to have a meeting between Travis, @achetal01 and I on possible focus areas and insights on where we are going with security controls/audit work. I can't seem to find this email in my inbox, but I'll ping you on Slack.

lumjjb commented 2 years ago

@vikas-agarwal76 is 2 hours earlier ok for March 16th? (11am EST, 8am PST), or earlier?

nadgowdas commented 2 years ago

@lumjjb: @ancatri and @degenaro have gracefully agreed to present on this topic on Mar 16th. We won't need to change the time either.

knowlengr commented 2 years ago

Brandon,

Just following back up to see if we might connect on an OSCAL presentation for the CNCF. Also, we were just informed that we were selected for an invited talk and demo at the upcoming NIST OSCAL Conference in March.

Hope you are well and look forward to connecting soon.

J. Travis Howerton, Co-Founder and CTO, RegScale. Shift Left Compliance via our Regulatory Operations (RegOps) platform. Learn more at https://www.regscale.com


stale[bot] commented 2 years ago

This issue has been automatically marked as inactive because it has not had recent activity.

anvega commented 1 year ago

Presentation already took place.