Comments (4)
mogul
commented on September 28, 2024
I can't speak to what's on opencontrol.xyz... This is the first I was even aware that it existed!
Yes, it's still roughly correct. It's gone even farther than "fork+append" and "fork+amend" now, in that your opencontrol.yaml can assemble "your controls" from multiple repositories, and in fact point at specific revisions in those repositories! I'm happy that the diagram was so helpful!
from discuss.
mogul
commented on September 28, 2024
Thinking about this a little more: The boxes surrounding the stack of controls, standards, and certifications have essentially coalesced to become the opencontrol.yaml file which specifies what set you're working with in all three cases.
from discuss.
afeld
commented on September 28, 2024
http://opencontrol.xyz/pipelines/ references Spruce and has a notional architecture which includes it. Am I right that that is obsolete?
There's an open issue around spruce here: opencontrol/compliance-masonry#49. Followed up there.
Probably nothing has been so useful to me this week than the sidebar comment "Certifications are just collections of references to standards"
Good to know! Where would be a good place to document that?
from discuss.
mogul
commented on September 28, 2024
Closing as inactive; open new issues if followup is needed!
from discuss.
Related Issues (20)
- introductions to security compliance? HOT 7
- OpenControl edit workflow for non-technical users? HOT 6
- Set of partials == complete? HOT 7
- Script to convert FedRAMP controls spreadsheet to opencontrols files HOT 2
- add new root repository: introduction - with examples HOT 1
- re-org of repositories with table of contents for all HOT 1
- Risk assessment schema: Extend to three question types and provide validation HOT 5
- Translation of RiskVision controls spreadsheet to opencontrol YAML HOT 4
- has anyone done textual analysis of SSPs, or tried automating feedback on them? HOT 15
- OpenControl template HOT 4
- public SSPs? HOT 9
- As someone who isn't able to sign up for accounts, I want to be able to follow / participate in OpenControl HOT 3
- Introduction to ATOs HOT 1
- Map Components to Multiple Certifications HOT 8
- listening for control changes HOT 5
- code for parsing SSPs? HOT 3
- FedRAMP Challenges HOT 6
- Starting OpenControl Virtual Meetings HOT 9
- OpenControl Agenda topics HOT 1
- Is OpenControl deprecated? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discuss.