Address feedback from SIMP #83
Comments
|
@afeld Hi there! Happy to provide live feedback and try things out to a point. I'd also like to know about the confluence of OpenControl and OSCAL since (if it ever solidifies) OSCAL should be the way of the future. |
May take you up on that at some point, thanks!
I have said this before, and will state again here: I have no attachment to the OpenControl schemas. Once OSCAL has full parity with OpenControl - specifically, once their Implementations schema is ready - I am more than happy to propose deprecating the OpenControl format. |
|
OSCAL is several years away, lacks industry support, and according to NIST, isn't their path forward. Wouldn't let OSCAL be a distraction. |
|
@shawndwells As far as I can tell, everything lacks industry support at this point because fragmentation raises revenue streams. Any sources on the NIST statement? The project seems to be going pretty strong for that to be an official message. Personally, I'm looking for anything that's usable, stable, and is moderately capable of being used by people that don't understand The issue is that, unlike SCAP (sort of), a lot of this material is procedural and therefore has to be written and maintained by people that are not developers (and don't want to be). Anything that ignores that message will not obtain a reasonable level of adoption. Using REstructuredText was our swipe as sort of appeasing this and it helped since people are sort of OK just typing in loosely formatted free-form documents with some markup tags. It's still not a great user experience though. |
Just found this issue after digging from the SIMP Security Control Mapping:
https://simp-project.atlassian.net/browse/SIMP-721
Granted, it's a couple years old, but we should figure how how/if to address those shortcomings. This issue will probably be broken out to smaller ones.
cc @trevor-vaughan
The text was updated successfully, but these errors were encountered: