Comments (8)
from discuss.
I think this is looking at the problem in an old way, I think mass RMF revisions should go away and instead we need atomic level updates to specific controls and tests.
from discuss.
from discuss.
@jenglish Probably easiest to treat them as entirely different Standards. Happy to accept a pull request to the 800-53 repository to add other revisions.
from discuss.
I was thinking of using git branches for this. e.g. instead of specifying:
dependencies:
standards:
- url: https://github.com/GovReady/NIST-800-171-Standards
revision: master
that pulls in NIST-800-171r1.yaml from the master branch, you could have separate branches for each revision, each containing NIST-800-171.yaml (unsuffixed). I will try setting up my fork of the GovReady repo that way and see how it works...
from discuss.
Once a new revision is out, isn't the old one antiquated/unsupported?
Yes, but in practice, the old one stays in use, especially for a transition period.
from discuss.
Has been included in the https://github.com/opencontrol/standards repo for a few months. PRs can re-open the conversation :)
from discuss.
Is this overcome by events or is this still an open issue? If open and the schema plans to live on, I suggest collaboration with the OSCAL folks to understand how they approach the problem.
from discuss.
Related Issues (20)
- introductions to security compliance? HOT 7
- OpenControl edit workflow for non-technical users? HOT 6
- Set of partials == complete? HOT 7
- Script to convert FedRAMP controls spreadsheet to opencontrols files HOT 2
- add new root repository: introduction - with examples HOT 1
- re-org of repositories with table of contents for all HOT 1
- Risk assessment schema: Extend to three question types and provide validation HOT 5
- Translation of RiskVision controls spreadsheet to opencontrol YAML HOT 4
- has anyone done textual analysis of SSPs, or tried automating feedback on them? HOT 15
- OpenControl template HOT 4
- public SSPs? HOT 9
- As someone who isn't able to sign up for accounts, I want to be able to follow / participate in OpenControl HOT 3
- Introduction to ATOs HOT 1
- Map Components to Multiple Certifications HOT 8
- listening for control changes HOT 5
- code for parsing SSPs? HOT 3
- FedRAMP Challenges HOT 6
- Starting OpenControl Virtual Meetings HOT 9
- OpenControl Agenda topics HOT 1
- Is OpenControl deprecated? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discuss.