Michaela Iorga
Michaela Iorga
> Looks like we already have https://github.com/finos/common-cloud-controls/issues/139 to discuss the OSCAL topic. It could also be added to the agenda for the upcoming Security and/or Delivery meetings. @iMichaela, you might...
Michaela Iorga (NIST)
@crawfordchanel - Are there any more OSCAL WG meetings? Even this one was not on my calendar. Since this reorg, I have no invitation to any of the meetings scheduled....
Michaela Iorga (NIST)
Are calendar invitations no longer being sent/created? I had no idea there was a meeting today . Sorry.
> @crawfordchanel - assigned to decide which working group is best to decide this. e.g. Steering Committee, All Hands, etc. In my mind, each WG can generate their ADRs. Alternatively,...
Michaela Iorga/NIST
Thank you, @ojeb2 . > The OSCAL data model can be **Risk based**, **Service based** or **Threat based** > The representation of the CCC in OSCAL needs to support the...
@eddie-knight -- The issue was update, per the 3/7/2024 discussion. Anyone should feel free to enhance and add (or delete) information above.
> See Security Control Framework Mappings to ATT&CK repo: https://github.com/center-for-threat-informed-defense/attack-control-framework-mappings/tree/main > > and project summary: https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/nist-800-53-control-mappings/ > > Scoping decisions made for the NIST-800-53 to ATT&ACK use case are worth...