tag-security icon indicating copy to clipboard operation
tag-security copied to clipboard

Published 20 hours ago verified publisher icon cncf

[Proposal] Compliance WG Project: Work with NIST on 800-171 and 800-172 OSCAL

Open ficcaglia opened this issue 1 year ago • 3 comments
trafficstars

Description: what's your idea?

Impact: Describe the customer impact of the problem. Who will this help? How will it help them?

Who: this will help CISOs and AOs and analysts who need to adhere to NIST 800-171/2 for fun and learning (and regulatory or contractual requirements).

How: OSCAL is the emerging standard created by NIST for expressing machine readable control requirements for security, processes, documentation requirements, privacy, assessments, and risks - and much more - currently being adopted by governments, non-profits, and enterprises. As it becomes both more adopted - and in some government procurement processes eventually required - it benefits the open source community to support OSCAL for end users who want to use it for their tech stacks using CNCF projects and tools.

Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals. Feel free to include proposed tasks below or link a Google doc

Not yet determined but NIST is already leading the effort and has scaffolded the deliverables of a first OSCAL catalog for 171. So we can use this as a launching point.

Intent to lead:

  • [X] I volunteer to be a project lead on this proposal if the community is interested in pursing this work. This statement of intent does not preclude others from co-leading or becoming lead in my stead.

Proposal to Project:

  • [ ] Added to the planned meeting template for mm dd
  • [X] Raised in a Compliance WG meeting to determine interest - 10/22/2024 (and briefed the STAG on the WG activity on 10/23)
  • [ ] Collaborators comment on issue for determine interest and nominate project lead
  • [ ] Scope determined via meeting mm dd and/or shared document add link with call for participation in #tag-security slack channel thread add link and mailing list email add link
  • [ ] Scope presented to and voted on in the Compliance WG meeting

TO DO

  • [X] Project leader(s): @rficcaglia
  • [ ] Issue is assigned to project leaders
  • [ ] Project Members:
  • [ ] Fill in addition TODO items here so the project team and community can see progress!
  • [ ] Scope
  • [ ] Deliverable(s)
  • [ ] Project Schedule
  • [ ] Slack Channel (as needed)
  • [ ] Meeting Time & Day:
  • [ ] Meeting Notes (link)
  • [ ] Meeting Details (zoom or hangouts link)
  • [ ] Retrospective

@ancatri

ficcaglia avatar Oct 25 '24 17:10 ficcaglia