compliance-trestle
An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
## Issue description / feature objectives ssp-assemble may not strictly follow structural expectations and will still generate an ssp. Use `MarkdownValidator` to strictly enforce the structure. ## Completion Criteria
## Issue description / feature objectives [Cybersecurity Maturity Model Certification](https://www.acq.osd.mil/cmmc/index.html) is an emerging standard required for organisations engaging with the US DoD. Create a script (as a demo / content)...
To avoid complications caused by constrained lists, "min_items=1" is removed from the oscal models so that what normally would be constrained lists are now regular lists that could be empty....
## Issue description / feature objectives Discussions within the team have focused some need on what is called 'graft' or 'master-aggregator' a set of functionality for combining various sources of...
Currently there are 27 uses of __root__ in all the normalized oscal models (not including target) and there are only a few different patterns of usage - mostly involving regex....
## Issue description / feature objectives As a FedRAMP SSP writer I would like the SSP generator to support (including converting to a FedRAMP compliant OSCAL SSP) the structured fields...
## Issue description / feature objectives In some languages inspecting the factory class makes it very obvious what classes are supported. With the methodology defined, it may not be as...
## Issue description / feature objectives In issue #395 it is identified that it would be fantastic if a GRC tool can 'update' a trestle project, however, given this it...
## Types of changes - [ ] Hot fix (emergency fix and release) - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change...
# Question For example, say I am using the NIST 800-53 catalog, I have established which controls are applicable to my environment, however I need to write additional component definitions...