usnistgov / oscal-tools

Tools for the OSCAL project
https://pages.nist.gov/oscal-tools/

SSP Preview in XSLT #43

Open wendellpiez opened 2 years ago

wendellpiez commented 2 years ago

SSP Preview would be very useful, even if only generic or for demonstration, to have as an XSLT transformation analogous to the transformations that produce formatted catalogs.

Since there is no single "right" way to present an SSP, and widespread requirements for customization, templating and "skinning", a good demo will also be adaptable.

A dependency for this issue is a representative sample document or range of documents representing the use case(s).

aj-stein-nist commented 2 years ago

Silly question: in another repo and as part of our ongoing conversations, I have already volunteered to offer help with this, right?

wendellpiez commented 2 years ago

@aj-stein-nist Probably, but there is a lot to keep track of. Hence, Issues!

Just noting here that a follow-on work item could be to deploy the preview under CSX.

aj-stein-nist commented 2 years ago

> Just noting here that a follow-on work item could be to deploy the preview under CSX.

I presumed "XSLTs for publishing" was referring to just the enhancement of existing XSLTs to transform OSCAL SSPs in XML format, and thought it was separate from CSX work, based on what is written in the issue and ACs. My bad!

wendellpiez commented 2 years ago

It is separate, hence the description of the CSX as "follow-on" (since it could be mainly integration).

flickerfly commented 1 year ago

Not having a good output of the SSP for humans is a pretty big showstopper for being able to use OSCAL behind the scenes in a strangler-pattern-type scenario. I'd like to suggest this gets bumped in priority to enhance the ability to slowly strangle traditional compliance processes with automation opportunities. The most successful automation I've ever worked was implemented a little at a time each time we iterated through the pain.

david-waltermire commented 1 year ago

@flickerfly This was discussed on the 10/20 Lunch with the Devs meeting. We currently have other priorities around producing an SP 800-53 update that @wendellpiez is currently working on. This would need to follow that work at the end of this year or early next year.

A big blocker for this work is having good representative samples of real-world SSPs to test the HTML and PDF productions against. If the community could post some links to realistic SSP examples, this would help greatly.

There was also discussion of a few other SSP rendering capabilities provided by tools maintained by other organizations in the community (e.g., FedRAMP), but no specific publicly available tools were identified. If any can be identified, we would be happy to add them to the OSCAL tools page.