Open aj-stein-nist opened 2 years ago
@david-waltermire-nist is this close to what you had in mind? I added it to the triage list for tomorrow.
Per today's model review, I wonder if the "development (provider-focused)" should be described as follows:
Here is an SVG path that could be used as the basis for an 'infinity loop' diagram....
User Story:
As an OSCAL stakeholder, I want to see clearer workflow diagram (as part of documentation for usnistgov/OSCAL#1058, and snapshot draft in usnistgov/OSCAL#1068) to explain the relationship of OSCAL generally, and the rules construct in particular, to the SDLC and DevSecOps lifecycles.
Goals:
The current diagram we would like to improve upon is below.
Some improvements we would like to see in a new derivative diagram, reiterated from the current draft of the document:
We need a figure 8 diagram similar to the above with the following steps. "Development" will be on the left. "Operations" will be on the right. "Security" surrounds the figure 8.
Development: (provider-focused)
Operations: (consumer-focused)
Dependencies:
{Describe any previous issues or related work that must be completed to start or complete this issue.}
Acceptance Criteria
{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}