A repository to hold OSCAL content for demonstrations
- The example control file used in this repository is nist_ocp4
- One product equals one component and one component definition. The example product we are using is ocp4.
- Upstream OSCAL profiles are used both to filter which controls are included in the control implementation and as the control source for that control implementation on the component.

```mermaid
graph TD
    subgraph ComplianceAsCode
        subgraph ControlGroup
            subgraph Controls
                Status
                ParameterOverride
                ControlNotes(Control Notes)
                Rules
                Parameter
            end
        end
    end
    subgraph OSCAL Component Definitions
        ImplReq(Implemented Requirements)
        Statements
        subgraph Properties
            Description
            Remarks
        end
    end
    ControlNotes --> Status
    Status{Status Not Applicable?}
    Status -- Yes --> Remarks
    Status -- No --> ImplReq
    Status -- No --> Statements
    ParameterOverride{Parameter Defined in Control?}
    ParameterOverride -- Yes --> Description
    ParameterOverride -- No --> Parameter
    Rules --> Parameter
    Rules --> Description
    Parameter --> Description
```