March 2023 Newsletter
Hello,
Greetings from the NIST OSCAL Team! Our priority is to grow and sustain healthy community contributions to OSCAL research, development, and training materials. Below are RFC (Request for Contrbution) opportunities NIST OSCAL team identified that volunteer contributions are needed to faster advance OSCAL program.
For your convenience, NIST OSCAL team also maintains the RFC archive on our website
Do you see something you're interested in that is not in the list below? Please contact us and let us know.
Best Wishes, Michaela and the NIST OSCAL Team
Research (DEFINE) Opportunities
Research (DEFINE) Opportunity 1
Description:
It is anticipated that NIST will initiate a draft specification to fully define exportable content, and outline an approach for shared control responsibilities. We wish to identify members of the community who would like to participate in producing a draft. We have created initial use cases, performed a gap analysis, and we are in the process of preparing conceptual examples for evaluation.
Skills needed:
- Understanding of the OSCAL system security plan model.
- Knowledge of Customer Responsibility Matrix (CRM) documents, either as an author or consumer.
- Ability to interpret machine-oriented content, such as YAML or JSON.
- Ability to participate in GitHub issue creation, feedback and recommendations.
Estimated time commitment:
8 to 10 hours in April
This opportunity is subject to the outcome of the current effort, and may be delayed if additional detail is required to begin the draft.
Value to OSCAL:
This will help us enhance OSCAL models to communicate shared responsibility for controls without exposing the content of the entire SSP model.
I'm interested, how do I volunteer?
Visit the discussion board and comment here.
Development Opportunities
Development Opportunity 1
Description:
Complete a tutorial on how to create OSCAL profiles.
Skills needed:
- Copy editing
- Understanding of the OSCAL catalog model
- Understanding of the OSCAL profile model
- Ability to edit Markdown files
- Use a
git
client to save Markdown files, commit them, and create a pull request
Estimated time commitment:
8 hours
Value to OSCAL:
The community has asked for more tutorials for core OSCAL functionality.
I'm interested, how do I volunteer?
Visit the discussion board and comment here.