Comments (8)
shawndwells
commented on August 18, 2024
1
On 11/9/17 4:33 AM, Joe English wrote:
I was thinking of using git branches for this. e.g. instead of specifying:
dependencies:
standards:
- url: https://github.com/GovReady/NIST-800-171-Standards
revision: master
that pulls in NIST-800-171r1.yaml from the master branch, you could
have separate branches for each revision, each containing
NIST-800-171.yaml (unsuffixed). I will try setting up my fork of the
GovReady repo that way and see how it works...
Is indicating revisions important? Once a new revision is out, isn't the
old one antiquated/unsupported?
Branches make things overly complex. If the control list is out of
sight, it's out of mind. Would rather have NIST-800-171-{r1 .. rX}.yml
in a single directory. This would also work with existing downstream
tooling, versus having people rewrite how they pull in standards.
from discuss.
johnmod3
commented on August 18, 2024
I think this is looking at the problem in an old way, I think mass RMF revisions should go away and instead we need atomic level updates to specific controls and tests.
from discuss.
openprivacy
commented on August 18, 2024
+1
The age of massive updates and 3-year ATOs is gone - black hats don't work
on that schedule.
But a huge legal and cultural shift must take place at NIST and the DHS and
every FISMA-reportable agency before they get it.
OpenControl is helping show the way, but don't hold your breath.
Until then, we'll have to continue to demonstrate compliance while we build
in security as a "side" project.
…On Tue, Nov 7, 2017 at 6:31 PM, John ***@***.***> wrote:
I think this is looking at the problem in an old way, I think mass RMF
revisions should go away and instead we need atomic level updates to
specific controls and tests.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#35 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAJlp6xQM_qpGDCdFV8GppyoLNxFC78rks5s0OhngaJpZM4QVlYs>
.
from discuss.
afeld
commented on August 18, 2024
@jenglish Probably easiest to treat them as entirely different Standards. Happy to accept a pull request to the 800-53 repository to add other revisions.
from discuss.
jenglish
commented on August 18, 2024
I was thinking of using git branches for this. e.g. instead of specifying:
dependencies:
standards:
- url: https://github.com/GovReady/NIST-800-171-Standards
revision: master
that pulls in NIST-800-171r1.yaml from the master branch, you could have separate branches for each revision, each containing NIST-800-171.yaml (unsuffixed). I will try setting up my fork of the GovReady repo that way and see how it works...
from discuss.
afeld
commented on August 18, 2024
Once a new revision is out, isn't the old one antiquated/unsupported?
Yes, but in practice, the old one stays in use, especially for a transition period.
from discuss.
shawndwells
commented on August 18, 2024
Has been included in the https://github.com/opencontrol/standards repo for a few months. PRs can re-open the conversation :)
from discuss.
its-a-lisa
commented on August 18, 2024
Is this overcome by events or is this still an open issue? If open and the schema plans to live on, I suggest collaboration with the OSCAL folks to understand how they approach the problem.
from discuss.
Related Issues (20)
- introductions to security compliance? HOT 7
- OpenControl edit workflow for non-technical users? HOT 6
- Set of partials == complete? HOT 7
- Script to convert FedRAMP controls spreadsheet to opencontrols files HOT 2
- add new root repository: introduction - with examples HOT 1
- re-org of repositories with table of contents for all HOT 1
- Risk assessment schema: Extend to three question types and provide validation HOT 5
- Translation of RiskVision controls spreadsheet to opencontrol YAML HOT 4
- has anyone done textual analysis of SSPs, or tried automating feedback on them? HOT 15
- OpenControl template HOT 4
- public SSPs? HOT 9
- As someone who isn't able to sign up for accounts, I want to be able to follow / participate in OpenControl HOT 3
- Introduction to ATOs HOT 1
- Map Components to Multiple Certifications HOT 8
- listening for control changes HOT 5
- code for parsing SSPs? HOT 3
- FedRAMP Challenges HOT 6
- Starting OpenControl Virtual Meetings HOT 9
- OpenControl Agenda topics HOT 1
- Is OpenControl deprecated? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from discuss.