defenseunicorns / lula

The Compliance Validator
Apache License 2.0
138 stars 23 forks

Document: Plan of Actions and Milestones generation #276

Open brandtkeller opened 6 months ago

brandtkeller commented 6 months ago

Research and documentation for how Lula will generate and operate on plan-of-actions-and-milestones.

Objective

Establish a document for plan-of-actions-and-milestones that evolves as research develops around:

Consider this a research spike that also educates/informs others about the opinionation of Lula workflows. A human-readable format means a lower barrier to entry for external expertise to evaluate and challenge assumptions.

brandtkeller commented 3 months ago

Another scenario is the generation of POAM items for actions performed outside of the other models, i.e. CVE scanning.

Certain domains may ingest a data source and produce/maintain a list of associated items in a specific model. CVE item (with some established threshold) to POAM may be a good example.
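The ingest-then-threshold flow sketched in the comment above, written out as an added Go example. This is not code from the Lula project or from this thread: the scanner output shape, the `POAMItem` struct (which borrows OSCAL `poam-item` field names but is not the OSCAL schema), the `findingKey` convention and the `Reconcile` function are all assumptions made for the illustration. It takes a constructed scan result, keeps only findings at or above a CVSS threshold, and merges them into an existing POAM list so that repeated scans open new items, keep or reopen items whose finding persists, and close items whose finding has disappeared.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"sort"
)

// ScanFinding is a constructed, minimal shape for one vulnerability reported by a
// scanner. It is an assumption for this example, not any real scanner's schema.
type ScanFinding struct {
	ID        string  `json:"id"`         // vulnerability identifier, e.g. a CVE
	Package   string  `json:"package"`    // affected package name
	Version   string  `json:"version"`    // installed version
	CVSSScore float64 `json:"cvss_score"` // base score compared against the threshold
	FixedIn   string  `json:"fixed_in"`   // empty when no fix is available
}

// POAMItem is a simplified plan-of-actions-and-milestones entry. Field names are
// borrowed from the OSCAL poam-item, but this is neither the OSCAL schema nor
// Lula's model; it only exists to show the ingest -> threshold -> POAM flow.
type POAMItem struct {
	UUID        string `json:"uuid"`
	Title       string `json:"title"`
	Description string `json:"description"`
	Status      string `json:"status"` // "open" or "closed"
	Source      string `json:"source"` // key of the finding that produced the item
}

// findingKey identifies a finding across scans: the same CVE in two different
// packages is two separate action items.
func findingKey(f ScanFinding) string { return f.ID + "@" + f.Package }

// newUUID returns a random RFC 4122 version 4 UUID using only the standard library.
func newUUID() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
}

// ParseFindings decodes a JSON array of findings in the constructed shape above.
func ParseFindings(data []byte) ([]ScanFinding, error) {
	var findings []ScanFinding
	if err := json.Unmarshal(data, &findings); err != nil {
		return nil, fmt.Errorf("decode scan output: %w", err)
	}
	return findings, nil
}

// Reconcile merges one scan's findings into an existing POAM list:
//   - findings at or above minCVSS with no existing item get a new open item;
//   - items whose finding is still present stay open (or are reopened);
//   - items whose finding is gone, or now below threshold, are closed.
// The result is sorted by Source so repeated runs are diffable.
func Reconcile(existing []POAMItem, findings []ScanFinding, minCVSS float64) []POAMItem {
	current := make(map[string]ScanFinding)
	for _, f := range findings {
		if f.CVSSScore >= minCVSS {
			current[findingKey(f)] = f
		}
	}

	out := make([]POAMItem, 0, len(existing)+len(current))
	covered := make(map[string]bool)
	for _, item := range existing {
		if _, present := current[item.Source]; present {
			item.Status = "open" // unchanged, or reopened if it had been closed
			covered[item.Source] = true
		} else {
			item.Status = "closed"
		}
		out = append(out, item)
	}

	for key, f := range current {
		if covered[key] {
			continue
		}
		fix := "no fix available yet"
		if f.FixedIn != "" {
			fix = "fixed in " + f.FixedIn
		}
		out = append(out, POAMItem{
			UUID:        newUUID(),
			Title:       fmt.Sprintf("%s in %s %s", f.ID, f.Package, f.Version),
			Description: fmt.Sprintf("CVSS %.1f meets threshold %.1f; %s", f.CVSSScore, minCVSS, fix),
			Status:      "open",
			Source:      key,
		})
	}

	sort.Slice(out, func(i, j int) bool { return out[i].Source < out[j].Source })
	return out
}

// OpenItems counts the items that still require action.
func OpenItems(items []POAMItem) int {
	n := 0
	for _, it := range items {
		if it.Status == "open" {
			n++
		}
	}
	return n
}

func main() {
	// Constructed sample scanner output; not real scan data.
	scan := []byte(`[
	  {"id":"CVE-2024-0001","package":"libfoo","version":"1.2.3","cvss_score":9.8,"fixed_in":"1.2.4"},
	  {"id":"CVE-2024-0002","package":"libbar","version":"0.9.0","cvss_score":4.3,"fixed_in":""}
	]`)
	findings, err := ParseFindings(scan)
	if err != nil {
		panic(err)
	}
	// A previously opened item whose finding no longer appears in this scan.
	existing := []POAMItem{{UUID: "stale", Title: "old item", Status: "open", Source: "CVE-2023-9999@libbaz"}}
	items := Reconcile(existing, findings, 7.0)
	enc, _ := json.MarshalIndent(items, "", "  ")
	fmt.Println(string(enc))
}
```

Two caveats a practitioner would want on top of this sketch: closing an item purely because a finding is absent from the latest scan is only safe when the scan covered the same targets as the one that opened it, so a real implementation should record scan scope alongside each item; and the threshold should be a policy input (CVSS, severity label, KEV membership, or a combination) rather than a hard-coded number, since that is exactly the opinionation the thread wants to make explicit and reviewable.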