Skip to main content

April 4th, 2020

Slides

Agenda

  • Review closed and open pull requests in OSCAL repo.
  • Discuss current work.
  • Discuss renaming system-security-plan and plan-of-action-and-milestones elements in the respective OSCAL models to better align with how the data is produced, used, and referred to in other risk management frameworks
  • Open discussion.

Notes

  • Brainstormed a few options for renaming system-security-plan and plan-of-action-and-milestones elements.

    Suggested names for system-security-plan included:

    • system-implementation
    • system-control(s)-implementation
    • ssp (using just the acronym)
    • system-descriptor
    • system

    There was some support for system. The emerging consensus seemed to be around keeping the name as-is for the OSCAL 1.x.

    Suggested names for plan-of-action-and-milestones included:

    • open action
    • milestone (since it highlights a deadline)
    • weakness (some consensus that this term is a bit too general and overused in other contexts)

    No emerging consensus around any given new name. The emerging consensus seemed to be around keeping the name as-is for the OSCAL 1.x.

  • Adam Oline offered to provide a sample SSP in Word aligned with the data provided by CSAM. He is going to post this to issue #364. Once posted, we need to discuss how to get this converted into OSCAL format. Looking for volunteers to help with this.

This page was last updated on June 28, 2023.