20230209 Model Engineering Meeting notes and slides (#1650)

* 20230209 Model Engineering Meeting notes and slides

* Slides PDF for 20230209 MEM session

docs/content/contribute/model-engineering-meeting/meeting-2023-02-09

@@ -0,0 +1,61 @@
+---
+title: February 9, 2023
+date: 2023-02-09
+summary: OSCAL Model Engineering Meeting 2## Overview
+
+- No comments or feedback.
+
+## Ground Rules
+
+- No comments or feedback.
+
+## Review of Current and Completed Work
+
+- Focus on near term: improving CI/CD
+  - making evaluation easier
+- docs where there is confusion or missing detail
+- high reward/low risk changes to models (features or fixes)
+
+## Help Needed
+
+- PRs reviewing and comments
+- Model reviews
+- Bring your experience
+- Identify priorities for cookbook recipes/tutorials
+
+- No comments or feedback.
+
+## Open Questions & Answers
+
+- Community Attendee #1 asked how does this prioritization? lots of high asks for a couple of examples
+- A.J. notes that many isssues require some work
+  - some issues are old!
+  - offers web site enhancements as an example
+    - complex partly due to Metaschema dependency
+    - high-impact because user-facing
+    - we are doing infrastructure work to trace performance 
+- Issues (and impact of improvements) on the site and project tracker in GitHub
+  - Labels ("tags") added to the project tracking page per community feedback (Github Labels)
+- Community Attendee #2 asks about docs regarding FedRAMP process and alignment with other regimes (ISO, HIPAA) - we will revisit
+    - Per Michaela, this is a large topic and not just about mapping between control catalogs!
+    - Michaela did a high-level overview about using multiple compliance and security frameworks from heterogenous catalogs and use them in documentation of systems in components and system security plans
+    - Wendell explained his perspective and added for testing and conformance
+- Community Attendee #3 had a question about comment about the ROC in PCI-DSS and if that compliance report is more like a assessment plan in OSCAL more than SSP. Thoughts from the NIST OSCAL Team?
+    - A.J. said he had no formal awareness of the PCI-DSS data owners talking about the people.
+    - Dmitry said he met people at an OSCAL meetup working with PCI-DSS and HIPAA work, but not outside 
+- Wendell has a request for alignment: for PR review. For review, we should look at branches and "not in `main`" work, how do we get that community help with awareness. Wendell cited a volunteer contributor working on profile resolution and she wants feedback from others.
+- Community Attendee #1 said as he learned there are different repositories: how does one know which ones exist, their relationship between them, and what are their purpose?
+- We agreed we need to make an issue for making a Repository Map ("lay of the land") for OSCAL and OSCAL-related work.
+- Community Attendee #2 asked in chat requested a unique subscription calendar that updates itself to simplify keeping up with you automatically? A.J. explained this is part of current work.
+- A.J. describes Issue [usnistgov/OSCAL#1638](https://github.com/usnistgov/OSCAL/pull/1638), ADRs (Architectural Decision Records), calendar work forthcoming
+- Community Attendee #1 GE surveys "how do I open an issue"
+    - Page points to Help Wanted but not to New Issue
+    - Github issues not really designed for "I need help" questions
+    - Creating Issue to track work item: what are all the repositories I need to know about?
+    - Useful discussion on blocks to creating Issues
+
+
+## Slides
+
+You can download [the meeting's slide deck from here](../slides-2023-02-09.pdf).
+