Merge pull request #99 from usnistgov/sprint-6

Merging Sprint 6 into Master. Resolve a few conflicts related to README.md after rebasing.

.github/ISSUE_TEMPLATE/issue-template.md

@@ -0,0 +1 @@
+Please describe the issue.

CONTRIBUTING.md

@@ -0,0 +1,32 @@
+# Contributing to the OSCAL Project
+
+This page is for potential contributors to the OSCAL project. It provides basic information on the OSCAL project, describes the main ways people can make contributions, explains how to report issues with OSCAL, and lists pointers to additional sources of information.
+
+## Project approach
+
+The approach we’re taking with OSCAL is agile. We’re adopting the philosophy of implementing the 20% of the functionality that solves 80% of the problem. We’re trying to focus on the core capabilities that are needed to provide the greatest amount of benefit. Because we’re working on a small set of capabilities, that allows us to make very fast progress. We’re building the features that we believe solve the biggest problems, so we’re providing the most value.
+
+## Contribution options
+
+The OSCAL project is producing several types of deliverables, including the following:
+ * *XML schemas* for the OSCAL component models  
+ * *Schematron definitions*, which are basically an extension of the XML schemas that provide more validation capabilities
+ * *XSL templates* for production of human-readable versions of OSCAL XML content 
+ * *CSS*, so people who are developing catalogs and profiles using XML tools can use CSS for data entry, which offers a much more usable interface 
+ * *Documentation* to define the OSCAL component models, capture the operational model of how to use OSCAL, and explain how you can convert existing content (catalogs, profiles, etc.) into OSCAL formats
+
+Contributions are welcome in any of these areas. For information on the project's current needs and priorities, see the project's GitHub issue tracker (discussed below).
+
+## Issue reporting and handling
+
+All requests for changes and enhancements to OSCAL are initiated through the project's GitHub issue tracker (https://github.com/usnistgov/OSCAL/issues). To initiate a request, please create a new issue. The core OSCAL project team regularly reviews the open issues, prioritizes their handling, and updates the issue statuses and comments as needed.
+
+## Communications mechanisms
+
+There are two mailing lists for the project:
+ * *[email protected]* for communication among parties interested in contributing to the development of OSCAL or exchanging ideas. Subscribe by visiting https://email.nist.gov/mailman/listinfo/oscal-dev.
+ * *[email protected]* for low-frequency updates on the status of the OSCAL project. To subscribe, visit https://email.nist.gov/mailman/listinfo/oscal-updates.
+
+## Setup instructions
+
+As the OSCAL project matures, instructions will be posted here for how to get the latest OSCAL files from the GitHub repository, set up your environment for OSCAL development/testing, etc. At this time, instructions are limited to README files in the repository that explain what’s on the repository, how the repository is organized, etc.

README.md

@@ -4,8 +4,10 @@ NIST is proposing the development of the Open Security Controls Assessment Langu
 
 This repository consists of the following directories pertaining to the OSCAL project:
   * [docs](docs): Documentation graphics, prose, progress updates, and presentation slides
-  * [working](working): Development artifacts (e.g., XML, XSLT, CSS, script, Markdown, and sample files, plus supporting files); additional documentation is posted under [working/doc](working/doc): 
+  * [examples](examples): OSCAL examples, including both demo (unit test) and "real world" examples
+  * [schema](schema): OSCAL schemas and validation tools
   * [sources](sources): Resources used to produce OSCAL artifacts that are not maintained by the OSCAL project (e.g., a copy of the NIST SP 800-53 control data feed schema)
+  * [working](working): Development artifacts (e.g., XML, XSLT, CSS, script, Markdown, and sample files, plus supporting files); additional documentation is posted under [working/doc](working/doc): 
 
 See [docs/prose/OSCAL-Overview.md](docs/prose/OSCAL-Overview.md) for an introduction to OSCAL and [docs/schema/oscal-tag-library.md](docs/schema/oscal-tag-library.md) for detailed information on the OSCAL data models and XML schema compositions.
 

USERS.md

@@ -0,0 +1,9 @@
+# Documentation for users of OSCAL tools and content
+
+The following types of users are most likely to benefit from consuming OSCAL tools and content when they are available:
+ * *Operations personnel*, who will be able to rapidly verify that systems comply with organizational security requirements
+ * *Security and privacy personnel*, who will be able to automatically identify problems and address them quickly before loss or damage occur; for example, a profile could be used to identify incorrect parameter values that are weakening security
+ * *Auditors/assessors*, who will be able to perform audits/assessments on demand with minimal effort
+ * *Policy personnel*, who will be able to better identify systemic problems that necessitate changes to organization security policy
+
+At this time, we do not have information available on using OSCAL tools and content because the initial components of OSCAL are still under development and are not yet ready for operational use. As OSCAL development continues, we will add pointers here to examples of OSCAL content so you can get an idea for what operational OSCAL content will look like.