common-cloud-controls

Provide example OSCAL Profile representation for controls with testing requirements included

Open mlysaght2017 opened this issue 1 year ago • 3 comments

Feature Request

Description of Problem:

#326 includes an attempt at representing a sample of common controls in an OSCAL Profile representation, with the inclusion of associated testing requirements. It is still unclear how best to represent the testing requirements for the controls within an OSCAL profile and it is agreed that the current OSCAL profile "PoC" in #326 needs to be massaged.

Potential Solutions:

With the controls and testing requirements in #326 as a starting point, provide an updated OSCAL control catalog/profile representation that aligns with best practice/NIST guidance so that we have an example target state to start building automation for.

mlysaght2017 avatar Sep 10 '24 11:09 mlysaght2017

Based on the current content, the OSCAL artifact will be a catalog (mini). A profile can be created from that catalog afterwards.

iMichaela avatar Sep 10 '24 22:09 iMichaela

From @iMichaela: generated the attached samples of CCC catalog resolved, which is equivalent to a mini catalog. Need to further discuss the way the data is represented and to settle on some details.

Initial: oscal-catalog.json

Also need to discuss where we keep such example files in the CCC repo.

mlysaght2017 avatar Oct 03 '24 11:10 mlysaght2017

@d1gital-f could we set up a strategy session to discuss the OSCAL outputs? (user value, needs, etc.)

eddie-knight avatar Oct 03 '24 15:10 eddie-knight

This issue will be closed as stale in 7 days. Please update this issue if it is still needed.

github-actions[bot] avatar Nov 02 '24 22:11 github-actions[bot]

Closed as stale. An update may reopen this issue.

github-actions[bot] avatar Nov 11 '24 22:11 github-actions[bot]