Provide example OSCAL Profile representation for controls with testing requirements included #342

Open
Tracked by #387
mlysaght2017 opened this issue Sep 10, 2024 · 1 comment
Labels: OSCAL representation of FINOS CCC (Work related to representing CCC in OSCAL, partnering with NIST to understand how to represent in OS), security

mlysaght2017 commented Sep 10, 2024

Feature Request

Description of Problem:

#326 includes an attempt at representing a sample of common controls in an OSCAL Profile representation, with the inclusion of associated testing requirements. It is still unclear how best to represent the testing requirements for the controls within an OSCAL profile and it is agreed that the current OSCAL profile "PoC" in #326 needs to be massaged.

Potential Solutions:

With the controls and testing requirements in #326 as a starting point, provide an updated OSCAL control catalog/profile representation that aligns with best practice/NIST guidance so that we have an example target state to start building automation for.

@iMichaela

Based on the current content, the OSCAL artifact will be a catalog (mini). A profile can be created from that catalog afterwards.
