Repository of components in OSCAL format #1706
-
|
Is there a repository of components (in OSCAL format) from where an SSP author can select the files for the tools that the organization is using to satisfy some of the controls they have implemented? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments
-
|
I am keenly interested in this. Have translated some OpenControl components to OSCAL, but they are lacking the structure -- and ODPs -- of what one would like to see in a reusable component. Also, given an SSP may locally or via a "Profile chain" override a base catalog's ODPs, it's unclear under what circumstances a CDEF can be used if it sources the base catalog (some ideas in #1637). |
Beta Was this translation helpful? Give feedback.
-
|
NIST team is not maintaining any repository of |
Beta Was this translation helpful? Give feedback.
-
|
RedHat has a repository of components for all their technologies in OpenControl and OSCAL formats. |
Beta Was this translation helpful? Give feedback.
NIST team is not maintaining any repository of
Component Definitions, nor does the team knows of the existence of such repository for public consumption available today. NIST team is aware of different OSCAL community entities interested in creating and maintaining such community-managed repositories. NIST will provide pointers to such repositories as soon as reliable information is available.