March 11th, 2021

Slides

• Overview (PDF)

Agenda

• Review closed and open pull requests in OSCAL repo.
• Discuss current work.
• Identify cookbook recipes/tutorial priorities
• Open discussion.

Notes

• Discussed Sprint 40 status.
• Held a discussion on community need for tutorials or "cookbook recipes" to illustrate how to use various OSCAL features.
  • Use of components vs capabilities within an OSCAL component definition. Created issue usnistgov/OSCAL#854 for this.
    • Address how a capability is to be used
    • Identify how component and capability content is used in the creation of a SSP.
  • Show how to include assessment evidence in an OSCAL assessment result based on the assessment of a given control. Created issue usnistgov/OSCAL#855 for this.
  • Illustrate how OSCAL extension points (i.e., property, annotation, and links) can be used to provide extended data. Created issue usnistgov/OSCAL#857 for this.
  • Show how to create an SSP with multiple components. Created issue usnistgov/OSCAL#862 for this.
• Discussed the need for FedRAMP to provide instructions and a tutorial for posting OSCAL-based packages to the OMB Max portal. AJ will follow up with the FedRAMP team.
• Discussed the need to define parties in an external OSCAL document, which can be imported into multiple OSCAL documents. Created issue usnistgov/OSCAL#859 for this.
• Discuss the need to review model documentation on identifier scoping and uniqueness. Created issue usnistgov/OSCAL#860 for this.