Michaela Iorga
The diagram below aligns the NIST RMF with the ISO/IEC 27005, so we can discuss the feasibility of using a simplified risk management process derived from ISO/IEC 27005, whit endorsing...
The proposed simplified system lifecycle:

|RISK MGMT| Select | Implement | Assess |
| :-------| :------- | :------------- | :----- |
|DEVELOPMENT| Design | Develop | Test |

lists Select...
@wendell - can you please provide an update on this issue. Is Amanda's merged PR https://github.com/usnistgov/OSCAL/pull/1596 addressing this issue as described and all is left is to release the work...
Most likely there are two aspects of the problem: 1) the understanding of the term ‘content’ as in ‘_consumable content_’ or ‘_everything in the file, metadata fully included_’, to clearly understand...
@aj-stein-nist - I made some typo corrections in the content of the issue, and I realized that the issue only lists alignment and centralization of the information, but it does...
@brian-ruf - Thank you for opening the issue and proposing an OSCAL Extension model. I believe such a model is needed in order to have meaningful OSCAL extensions for adopters that...
Some comments in #1972 are touching on the Extension model idea.
> For field testing the JSON Schema, we need examples of the following, in JSON:
>
> * catalog with controls - **valid**
> * catalog with groups - **valid**...
@JustKuzya aggregated all cases where `choice` is used:

| # | XSD | xs:choice occurrences |
|---:| :---:|:---:|
| 1 | oscal_assessment-plan_schema.xsd | 18 |
| 2 | oscal_assessment-results_schema.xsd | 18 |
| 3 | oscal_catalog_schema.xsd | 15... |
Thank you @wendellpiez.

#### A.

> Many `xsd:choice` are there for other reasons. Including those that have just a single element, as this is machine-generated code. Where do we...