[EPIC] Assessment Concepts Across Lifecycles #1061

Open
8 tasks
aj-stein-nist opened this issue Nov 29, 2021 · 2 comments
Labels
Aged A label for issues older than 2023-01-01 enhancement Research User Story

Comments

@aj-stein-nist
Contributor

User Story:

As an assessor, tool developer, or security professional leveraging OSCAL, in order to apply the concept of assessment throughout the lifecycle of an information system, I want clear guidance on how to incorporate assessment activities and tasks into that lifecycle, not just in the formation of assessment plans and assessment results.

Goals:

  • Provide a clear working definition for "assessment" as it pertains to the work of this epic, and OSCAL development in general
  • Draft a working roadmap on the review of where assessment comes up in different parts of the OSCAL lifecycle (RMF specific or as it pertains to common frameworks and methodologies authored by NIST or external parties)
  • Modify, augment, and remove necessary elements to information models in all layers, not just OSCAL Assessment Layer
  • Present necessary changes to core development team and greater OSCAL community and finalize necessary changes

Dependencies:

Acceptance Criteria

  • All OSCAL website and readme documentation affected by the changes in this issue have been updated. Changes to the OSCAL website can be made in the docs/content directory of your branch.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}

@aj-stein-nist
Contributor Author

@david-waltermire-nist per conversation today, I added this epic to group #1058 and #1059. I am sure more stories are to follow, and they can be added to the epic later as they emerge from other tasks. Let me know if I didn't represent the epic or frame the details correctly in goals.

@aj-stein-nist
Contributor Author

This work should go back to user research and discovery, so this will be moved back to DEFINE Research Needed. After that, if it is returned to development as-is, we should consider refinement being needed as this epic, as previously used it, is too large re upcoming #1688 reorganization and needs to be broken down into manageable pieces.

@aj-stein-nist aj-stein-nist moved this from Todo to DEFINE Research Needed in NIST OSCAL Work Board Sep 27, 2023
@Compton-US Compton-US added the Aged A label for issues older than 2023-01-01 label Nov 2, 2023
Projects
Status: DEFINE Research Needed
Development

No branches or pull requests

3 participants