Minimum Project Deliverable #38
Comments
@brandtkeller ultimately I would like to couple OSCAL artifacts with TAG-Security deliverables. I have been working on a way to automate that, and should have something well ahead of KubeCon. Then the artifact I propose we include in the TAG Security repo would be the OSCAL (skipping the interim CSV format we use here). My focus has been extraction of controls, named entities, and other details from the white papers. Getting from that to OSCAL is (somewhat) straightforward, but getting those details was entirely manual in the past, and aside from its value proving out the concept isn't something I would wish to do again.
Sounds valuable and the proposed items would still stand, yes? Otherwise this issue can capture the intent to mature the current process and produce an artifact for delivery in the TAG Security Repository.
Yup!
Revisiting to document for posterity. Given the above outcomes (merging this work - or the outputs therein - into the STAG repository) - we've discussed a potential strategy that allows for the production of the minimum deliverables with more clear steps for future iterations or reproduction.
This would allow CSV and OSCAL artifacts to be merged into the STAG repository with documentation to support how the process can be replicated. Code would exist outside the STAG repository for the CSV to OSCAL transformation with steps for building and replicating the process. Does that align with your understanding @JonZeolla?
Relating to #35 and #31
Description
Discussion in-progress for merging the outputs of this work into the Security TAG repository.
I'd like to propose defining or aggregating a set of minimum requirements before doing so. Would love feedback on if anyone disagrees.
Proposed Requirements
Optional Requirements
Open Questions
Open to Feedback.