Anca Sailer

@iMichaela @david-waltermire-nist Thank you for your explanations which make perfect sense for the use cases you mention. Our cloud use case is. slightly different in the sense that the system...

After a synch w OSCAL, here are a few additional points to consider: **1. On the OSCAL side**, their next release will add to the Component Definition (in view of...

Org is ready: https://github.com/orgs/oscal-compass/repositories @vikas-agarwal76 Please share the CNCF sandbox request issues content here for @PushkarJ to review. Thanks

@ashutosh-narkar @mnm678 @PushkarJ @vikas-agarwal76 Hey! Happy New Year and all the best near your dear ones! @ashutosh-narkar When you get a chance pls review the content above that we plan...

@rficcaglia FYI ^

@ashutosh-narkar @PushkarJ @mnm678 @vikas-agarwal76 @rficcaglia To record the summary on the latest in the Compliance WG done on the weekly STAG calls on Wednesday at 10a PST. **Scope** - Charter...

Catalog NIST 800-53 IBM profile on NIST 800-53 has different CISO experts for each control family who need to provide their modifications/ additional guidance in this profile to the teams...

We do not change anything in the NIST 800-53 catalog , we do the changes only via profile.

I find @wendellpiez solution, with a profile per CISO party, cleaner than pushing an existing party/role in the metadata as props under alter. I see your point on the resolved...

Related to https://github.com/usnistgov/OSCAL/issues/989 where we open the issue of having the rules defined as 1st class element to get an UUID which we can reference in the assessment plan.