Skip to main content

March 2023 Newsletter

Hello,

Greetings from the NIST OSCAL Team! Our priority is to grow and sustain healthy community contributions to OSCAL research, development, and training materials. Below are RFC (Request for Contrbution) opportunities NIST OSCAL team identified that volunteer contributions are needed to faster advance OSCAL program.

For your convenience, NIST OSCAL team also maintains the RFC archive on our website

Do you see something you're interested in that is not in the list below? Please contact us and let us know.

Best Wishes, Michaela and the NIST OSCAL Team

Research (DEFINE) Opportunities

Research (DEFINE) Opportunity 1

Description:

It is anticipated that NIST will initiate a draft specification to fully define exportable content, and outline an approach for shared control responsibilities. We wish to identify members of the community who would like to participate in producing a draft. We have created initial use cases, performed a gap analysis, and we are in the process of preparing conceptual examples for evaluation.

Skills needed:

  • Understanding of the OSCAL system security plan model.
  • Knowledge of Customer Responsibility Matrix (CRM) documents, either as an author or consumer.
  • Ability to interpret machine-oriented content, such as YAML or JSON.
  • Ability to participate in GitHub issue creation, feedback and recommendations.

Estimated time commitment:

8 to 10 hours in April

This opportunity is subject to the outcome of the current effort, and may be delayed if additional detail is required to begin the draft.

Value to OSCAL:

This will help us enhance OSCAL models to communicate shared responsibility for controls without exposing the content of the entire SSP model.

I'm interested, how do I volunteer?

Visit the discussion board and comment here.

Development Opportunities

Development Opportunity 1

Description:

Complete a tutorial on how to create OSCAL profiles.

Skills needed:

  • Copy editing
  • Understanding of the OSCAL catalog model
  • Understanding of the OSCAL profile model
  • Ability to edit Markdown files
  • Use a git client to save Markdown files, commit them, and create a pull request

Estimated time commitment:

8 hours

Value to OSCAL:

The community has asked for more tutorials for core OSCAL functionality.

I'm interested, how do I volunteer?

Visit the discussion board and comment here.

This page was last updated on June 28, 2023.