
[Proposal] Compliance WG Project: Work with NIST on 800-171 and 800-172 OSCAL #1392

Open
3 of 18 tasks
ficcaglia opened this issue Oct 25, 2024 · 2 comments
Assignees
Labels
proposal common precursor to project, for discussion & scoping

Comments

@ficcaglia

Description: what's your idea?

Impact: Describe the customer impact of the problem. Who will this help? How
will it help them?

Who: this will help CISOs and AOs and analysts who need to adhere to NIST 800-171/2 for fun and learning (and regulatory or contractual requirements).

How: OSCAL is the emerging standard created by NIST for expressing machine readable control requirements for security, processes, documentation requirements, privacy, assessments, and risks - and much more - currently being adopted by governments, non-profits, and enterprises. As it becomes both more adopted - and in some government procurement processes eventually required - it benefits the open source community to support OSCAL for end users who want to use it for their tech stacks using CNCF projects and tools.

Scope: How much effort will this take? OK to provide a range of options or
"not yet determined" for initial proposals. Feel free to include proposed tasks
below or link a Google doc.

Not yet determined but NIST is already leading the effort and has scaffolded the deliverables of a first OSCAL catalog for 171. So we can use this as a launching point.

Intent to lead:

  • I volunteer to be a project lead on this proposal if the community is
    interested in pursuing this work. This statement of intent does not preclude
    others from co-leading or becoming lead in my stead.

Proposal to Project:

  • Added to the planned meeting template for mm dd
  • Raised in a Compliance WG meeting to determine interest - 10/22/2024 (and briefed the STAG on the WG activity on 10/23)
  • Collaborators comment on the issue to determine interest and nominate a project lead
  • Scope determined via meeting mm dd and/or shared document add link
    with call for participation in #tag-security slack channel thread add link
    and mailing list email add link
  • Scope presented to and voted on in the Compliance WG meeting

TO DO

  • Project leader(s): @rficcaglia
  • Issue is assigned to project leaders
  • Project Members:
  • Fill in additional TODO items here so the project team and community can
    see progress!
  • Scope
  • Deliverable(s)
  • Project Schedule
  • Slack Channel (as needed)
  • Meeting Time & Day:
  • Meeting Notes (link)
  • Meeting Details (zoom or hangouts link)
  • Retrospective

@ancatri

@ficcaglia ficcaglia added proposal common precursor to project, for discussion & scoping triage-required Requires triage labels Oct 25, 2024
@ficcaglia (Author)

Forgot I cannot EDIT content, but I meant to link to the related NIST GHI:
usnistgov/oscal-content#150

@jkjell (Collaborator)

jkjell commented Oct 30, 2024

This will be discussed at the next Compliance Working Group meeting on November 5th.

@jkjell jkjell removed the triage-required Requires triage label Oct 30, 2024
@brandtkeller brandtkeller added this to the STAG Rep: @brandtkeller milestone Nov 10, 2024