Provide example OSCAL Profile representation for controls with testing requirements included #342
Labels
OSCAL representation of FINOS CCC
Work related to representing CCC in OSCAL, partnering with NIST to understand how to represent in OS
security
Feature Request
Description of Problem:
#326 includes an attempt at representing a sample of common controls in an OSCAL Profile representation, with the inclusion of associated testing requirements. It is still unclear how best to represent the testing requirements for the controls within an OSCAL profile, and it is agreed that the current OSCAL profile "PoC" in #326 needs to be massaged.
Potential Solutions:
With the controls and testing requirements in #326 as a starting point, provide an updated OSCAL control catalog/profile representation that aligns with best practice/NIST guidance so that we have an example target state to start building automation for.