usnistgov / OSCAL

Open Security Controls Assessment Language (OSCAL)
https://pages.nist.gov/OSCAL/

Functional capabilities - How to enhance model usability #899

Open alemos2611 opened 3 years ago

alemos2611 commented 3 years ago

For consideration - I would like to suggest that the OSCAL model and documentation could evidence some functional capabilities that our teams could run to extract or consist data from the model.

As an example, assuming that OSCAL has multiple data representations (JSON, XML) for the NIST SP800-53 catalog model and data, and users could build Profile views of that data from combined catalogs, one ideal function that should be available is "CheckIntegrity()" as a Profile/Catalog API that could offer base validation (maybe to be part of the standard definition).

The idea is that the initial "checkIntegrity()" function may be syntax-oriented, or even allow higher-level functions to detect semantical (user-defined) checks that are called as part of the integrity check superclass.

The proposal of functions would be beneficial to enhance the model usage, and also test different use cases that the models were not originally designed for, but it should allow such enhancements at some point.

Candidate functions could include:

aj-stein-nist commented 1 year ago

Given the questions around core requirements for this issue and existing comments and labels, I will align the status with "DEFINE Research Needed."
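
A sketch of the `checkIntegrity()` idea proposed in this issue, as an added example that is not OSCAL project code: base structural checks on a catalog, a check that a profile only selects controls that exist, and a hook for user-defined semantic checks. The names `check_integrity`, `walk_controls` and `titles_not_empty` are hypothetical, the sample documents are constructed, and the profile is assumed to import the one catalog passed in (its `href` is not resolved).

```python
def walk_controls(node):
    """Yield every control under a catalog, group or control, recursively."""
    for ctl in node.get("controls", []):
        yield ctl
        yield from walk_controls(ctl)
    for grp in node.get("groups", []):
        yield from walk_controls(grp)

def check_integrity(catalog_doc, profile_doc=None, extra_checks=()):
    """Hypothetical checkIntegrity(): return a list of finding strings."""
    cat = catalog_doc.get("catalog")
    if not isinstance(cat, dict):
        return ["missing top-level 'catalog' object"]
    findings = []
    # Base, syntax-oriented checks on the catalog itself.
    for field in ("title", "last-modified", "version", "oscal-version"):
        if field not in cat.get("metadata", {}):
            findings.append(f"metadata.{field} is missing")
    seen = set()
    for ctl in walk_controls(cat):
        cid = ctl.get("id")
        if cid in seen:
            findings.append(f"duplicate control id {cid}")
        seen.add(cid)
    # A profile may only select controls that exist in the catalog.
    imports = (profile_doc or {}).get("profile", {}).get("imports", [])
    for imp in imports:
        for sel in imp.get("include-controls", []):
            for cid in sel.get("with-ids", []):
                if cid not in seen:
                    findings.append(f"profile selects unknown control {cid}")
    # User-defined semantic checks plug in after the base checks.
    for check in extra_checks:
        findings.extend(check(cat))
    return findings

# Constructed sample data (not real SP 800-53 content).
CATALOG = {"catalog": {
    "metadata": {"title": "Sample", "version": "1", "oscal-version": "1.0.0"},
    "groups": [{"id": "ac", "title": "Access Control", "controls": [
        {"id": "ac-1", "title": "Policy", "controls": [{"id": "ac-1.1", "title": ""}]},
        {"id": "ac-1", "title": "Duplicate"}]}]}}
PROFILE = {"profile": {"imports": [{"href": "#catalog",
    "include-controls": [{"with-ids": ["ac-1", "ac-9"]}]}]}}

def titles_not_empty(cat):  # example user-defined semantic check
    return [f"control {c.get('id')} has empty title"
            for c in walk_controls(cat) if not c.get("title")]
```

Calling `check_integrity(CATALOG, PROFILE, [titles_not_empty])` returns one finding per defect in the constructed data; an empty list means every check passed.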