Open xee5ch opened 2 years ago
Would you be interested in adding OSCAL POA&M export?
Oh! I like that idea! How would you imagine something like that working, exactly, though? Are you thinking it'd be augmenting the "recommendations" we capture as a part of the objects we create in risqué? Or are you thinking more like a totally separate app that can be used to draft up POAMs on their own? I can potentially see either working really well, but the separate app idea feels like a more flexible approach.
Oh! I like that idea! How would you imagine something like that working, exactly, though? Are you thinking it'd be augmenting the "recommendations" we capture as a part of the objects we create in risqué? Or are you thinking more like a totally separate app that can be used to draft up POAMs on their own? I can potentially see either working really well, but the separate app idea feels like a more flexible approach.
This is interesting. I was thinking more towards the former. The latter is a big lift (or a significant shift from the current vision of the app), right? Let me play around with the app and get back to you maybe? :-)
I'd say one of the bigger issues, after quickly reorienting myself and playing with Risque (love the simplicity in UX and interface, BTW) is OSCAL is systemic and wants to make a POA&M that links back to a Assessment Result (AR), and that AR to an Assessment Plan (AP), and that AP should link back to a SSP describing the system assessed. I think I need to investigate how much "stuff" you can get away with in only in a POA&M if you want and stub out saying "we have UUIDs for those things from another API or tool, I am an expert user" or just leave them blank for now.
Anyway, this is an interesting challenge to explore. I guess I could come up with some ideas and you can tell how reasonable or unreasonable that is for the context of this app?
First time caller, long-time listener from oscal.club. Hello! I like this app, but had not noticed this gem in the Risk Redux portfolio until I heard people mention it today. Would you be interested in adding OSCAL POA&M export? Let me know and I can try to dust off my RoR knowledge and chip in, or just cheer from the sidelines, whatever works with this project.
Either way, very nice work!