[Proposal] Compliance WG Project: Work with NIST on 800-171 and 800-172 OSCAL #1392
Open
3 of 18 tasks
Comments
ficcaglia
added
proposal
|
forgot cannot EDIT content but meant to link to related NIST GHI: |
|
This will be discussed at the next Compliance Working Group meeting on November 5th. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Description: what's your idea?
Impact: Describe the customer impact of the problem. Who will this help? How
will it help them?
Who: this will help CISOs and AOs and analysts who need to adhere to NIST 800-171/2 for fun and learning (and regulatory or contractual requirements).
How: OSCAL is the emerging standard created by NIST for expressing machine readable control requirements for security, processes, documentation requirements, privacy, assessments, and risks - and much more - currently being adopted by governments, non-profits, and enterprises. As it becomes both more adopted - and in some government procurement processes eventually required - it benefits the open source community to support OSCAL for end users who want to use it for their tech stacks using CNCF projects and tools.
Scope: How much effort will this take? ok to provide a range of options if or
"not yet determined" for initial proposals. Feel free to include proposed tasks
below or link a Google doc
Not yet determined but NIST is already leading the effort and has scaffolded the deliverables of a first OSCAL catalog for 171. So we can use this as a launching point.
Intent to lead:
interested in pursing this work. This statement of intent does not preclude
others from co-leading or becoming lead in my stead.
Proposal to Project:
with call for participation in #tag-security slack channel thread add link
and mailing list email add link
TO DO
see progress!
@ancatri
The text was updated successfully, but these errors were encountered: