jpower432/oscal-authoring-demo

oscal_authoring_demo

A repository to hold OSCAL content for demonstrations

How is the ComplianceAsCode content transformed into an OSCAL Component Definition?

  • The example control file used in this repository is nist_ocp4
  • One product equals one component and one component definition. The example product we are using is ocp4.
  • Upstream OSCAL profiles are used to filter the controls that get included in the control implementation, and they serve as the control source in the control implementation on the component.
```mermaid
graph TD
    subgraph ComplianceAsCode
        subgraph ControlGroup
            subgraph Controls
                Status
                ParameterOverride
                ControlNotes(Control Notes)
                Rules
                Parameter
            end
        end
    end
    subgraph OSCAL Component Definitions
        ImplReq(Implemented Requirements)
        Statements
        subgraph Properties
            Description
            Remarks
        end
    end

    ControlNotes --> Status
    Status{Status Not Applicable?}
    Status -- Yes --> Remarks
    Status -- No --> ImplReq
    Status -- No --> Statements
    ParameterOverride{Parameter Defined in Control?}
    ParameterOverride -- Yes --> Description
    ParameterOverride -- No --> Parameter
    Rules --> Parameter
    Rules --> Description
    Parameter --> Description
```
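
One reading of the flowchart above as Python, added here as an illustration and not taken from this repository or from ComplianceAsCode tooling. The control dictionary shape, the `not applicable` status string, the output keys and all sample rule and parameter names are assumptions; the result is a simplified dictionary, not schema-valid OSCAL.

```python
# Added example: one reading of the flowchart, not the repository's code.
# The input shape and the output keys are simplified assumptions.
NOT_APPLICABLE = "not applicable"  # assumed spelling of the status value


def resolve_parameters(rule_ids, overrides, rule_defaults):
    """Decision "Parameter Defined in Control?": a value set in the control
    wins; otherwise the parameter comes from the rule that declares it."""
    resolved = {}
    for rule_id in rule_ids:
        for param_id, default in rule_defaults.get(rule_id, {}).items():
            in_control = param_id in overrides
            resolved[param_id] = {
                "value": overrides[param_id] if in_control else default,
                "source": "control" if in_control else "rule",
            }
    return resolved


def map_control(control, rule_defaults):
    """Turn one control entry into an implemented-requirement-like dict."""
    rules = control.get("rules", [])
    params = resolve_parameters(rules, control.get("parameters", {}), rule_defaults)
    props = [{"name": "rule", "value": r} for r in rules]
    props += [{"name": p, "value": v["value"], "remarks": "from " + v["source"]}
              for p, v in params.items()]
    req = {"control-id": control["id"], "props": props, "statements": []}
    notes = control.get("notes", "").strip()
    # Decision "Status Not Applicable?"
    if control.get("status") == NOT_APPLICABLE:
        req["remarks"] = notes  # Yes: notes are kept as remarks only
    else:
        req["description"] = notes  # No: notes describe the implementation
        req["statements"].append({"description": notes})
    return req


# Constructed sample data (not taken from nist_ocp4)
RULE_DEFAULTS = {"example_rule_timeout": {"var_example_timeout": "10m"},
                 "example_rule_audit": {"var_example_audit_level": "basic"}}
CONTROLS = [
    {"id": "xx-1", "status": "automated", "notes": "Enforced by the platform.",
     "rules": ["example_rule_timeout", "example_rule_audit"],
     "parameters": {"var_example_timeout": "5m"}},
    {"id": "xx-2", "status": "not applicable", "notes": "Not relevant to this product."},
]
RESULTS = [map_control(c, RULE_DEFAULTS) for c in CONTROLS]
```

The `remarks` on each parameter property record whether the value came from the control or from the rule, which is the distinction a reviewer needs when checking a generated component definition against the control file.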
