search

oscal-club / awesome-oscal

A list of tools, blog posts, and other resources that further the use and adoption of OSCAL standards.
Creative Commons Zero v1.0 Universal
136 stars 22 forks source link

Add community-maintained NIST SP 800-171 catalog #34

Closed xee5ch closed 1 year ago

xee5ch commented 1 year ago

Add @matt-f5's new catalog as announced in usnistgov/oscal-content#150.

matt-f5 commented 1 year ago

@xee5ch thanks for doing this!!

iMichaela commented 1 year ago

@matt-f5 - I would like to provide some clarification around closing (for now) the usnistgov/oscal-content, issue #150 and moving it here. If NIST publishes the content in a NIST owned repository, NIST (aka data owners) is (are) responsible for ensuring the quality of the information, possible errors, maintenance of the data, etc. and since there is already a call for proposed updates to 800-171, changes to the data are anticipated soon.

We (OSCAL team) are very excited to see your initiative, and we hope you understand the reasons for current closing of the issue while moving it here. The 800-53 is provided with support from the data owners (RMF) team. If you would like to further discuss this, and to explore how your work can be made visible to the community, I would be happy to have a call with you. For example, if you want to present your catalog, your plan for updates, or to call for collaboration, you can present it at one of our upcoming OSCAL mini workshop (monthly workshop). Please feel free to reach out at michaela at nist dot gov

xee5ch commented 1 year ago

@matt-f5 - I would like to provide some clarification around closing (for now) the usnistgov/oscal-content, issue #150 and moving it here.

Just for the record about oscal.club and the community effort. I saw the NIST team closed usnistgov/oscal-content#150, but it was not moved here. I, as clubhouse manager, saw the surprise announcement of a community member presenting their own version of the catalog and wanted to cite where I found it. That is why there is issue cross-linking in GH, but the creation of this issue coincides with the official NIST one, it has not official relationship. Just wanted to be clear.

I added lists of OSCAL content from community members here when I find them because I (and I presume the rest of the community) are happy to see them.

matt-f5 commented 1 year ago

@xee5ch @iMichaela responding to all the above comments... I appreciate the addition to the Awesome OSCAL list and agree this is the best place to highlight it, as community-driven content. Fathom5 did create and does maintain the content in our repo, and we certainly welcome broader community contributions. Either of your recommended descriptions are good with us! Based on the discussion in https://github.com/usnistgov/oscal-content/issues/150 , it makes sense that the official 800-171 maintainers from NIST should be the ones to approve publication of official OSCAL content. Now that I know it's a separate team, I'll be reaching out to them directly. In the mean time, I hope this can at least serve the community as an unofficial starting point :)