Govern the FINOS Control Catalog in OSCAL with Trestle SDK and Agile Authoring

[ancatri]

Feature Request

Govern the FINOS Control Catalog in OSCAL

Description of Problem:

Govern the FINOS Control Catalog in OSCAL

Potential Solutions:

Hi team - Hope you all are doing well - This message is to announce that next Tuesday 2/13 we will be kicking off the
CNFC OSCAL COMPASS Community Call now as part of CNCF tag. COMPASS = Compliance Automated Standard Solution

Meeting is happening in Zoom not in Webex as before - Zoom meeting number https://zoom.us/j/92729235315

We´ve moved to a subscription model where you can subscribe to the series here https://calendar.google.com/calendar/u/0/r/eventedit/copy/NW51Z3Q5djBrNTU1bDI4azhhZWRhdTg3bW1fMjAyNDAyMTNUMTUwMDAwWiAwYjh1NWVsOHRhNHM5M3QyY203MnR1dmhoa0Bn/YWxlbGVpdmFwYWwyOTA1QGdtYWlsLmNvbQ?scp=ALL - Feel free to spread the word

We will be taking meeting notes here - https://docs.google.com/document/d/1z9xvt-Z97j4CtEH1-nR9sMWul7jQkUi_fNY7BdMPgxM/edit

Recording will be shared after the meeting with the community

Thank you and see you next Tuesday 2/13 at 10 am EST and every other week following on!

[iMichaela]

@ancatri - Thank you fro opening the issue. IMHO, this issue can not be addressed today since the FINOS' common cloud controls need to be defined, but more than anything the threat-based approach and the assessment process are not well established in order to determine the correct/supporting representation in OSCAL of the necessary information (catalog, profile, component-definitions, mapping to threats, etc.)

However, a better understanding of the editorial abilities including validation by schema and constraints of the generated information, as well as human-readable conversion of OSCAL-based content, could be of immediate importance for the members of this WG.