Skip to content

OpenControl-formatted industry standards and requirement documents

License

Notifications You must be signed in to change notification settings

shawndwells/standards

 
 

Repository files navigation

Standards

To import these data into a OpenControl project add the follow code to your opencontrol.yaml file.

dependencies:
  standards:
    - url: https://github.com/opencontrol/standards
      revision: master

For more information on the opencontrol.yaml visit the Compliance Masonry CLI.

Using the NIST 800-53 standards

On 1-APR-2018, the NIST 800-53 standard files were updated to allow OpenControl content authors to specify which revision of NIST 800-53 should be used. There are now three options:

  • NIST-800-53 rev3: Legacy NIST 800-53 revision 3 content [nist-800-53-rev3.yaml]
  • NIST-800-53 rev4: NIST 800-53 revision 4 content [nist-800-53-rev4.yaml]
  • NIST-800-53: Special target that will always point to latest NIST revision upon ratification from NIST. Currently this is rev4, and will automatically transition to rev5 when available. [nist-800-53-latest.yaml]

Sample component.yaml

When creating OpenControl content for components, the standard_key should be updated to reflect which NIST 800-53 content should be used.

For example, for NIST 800-53 rev4:

- control_key: AC-2 (2)
  standard_key: NIST-800-53 rev4
  covered_by: []
  implementation_status: Implemented
  narrative:
    - text: |
        'Your control response text'

And for your content to automatically use the latest revision, use:

- control_key: AC-2 (2)
  standard_key: NIST-800-53
  covered_by: []
  implementation_status: Not applicable
  narrative:
    - text: |
        'Your control response text'

About

OpenControl-formatted industry standards and requirement documents

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 95.7%
  • Makefile 4.3%