Is your feature request related to a problem? Please describe.
Currently the Istio OSCAL is composed using Lula compose prior to being brought into UDS-Core. After discussions with the UDS-Core team it would be good to follow a similar setup that we utilize in the compliance-artifacts repo where OSCAL and validations are developed currently.
Splitting the validations out of the OSCAL will give deeper insights into the items we are checking while enabling other developers to contribute to validation updates as needed.
Describe the solution you'd like
[x] Create uds-core/compliance/validations directory for Istio (per service in the future).
[ ] Update OSCAL Assessment-Result with compliance framework change (High to Moderate)
Describe alternatives you've considered
Leave the validations in the OSCAL. Harder to contribute and update as OSCAL is several hundred to thousands of lines of YAML with data/context most developers don't need to focus on. Also puts the burden of learning the OSCAL Schema.