Annotate NIST SP800-53r5 controls with data from Appendix C #197
Labels
enhancement
The issue adds a new feature, capability, or artifact to the repository.
User Story
The issue is a user story for a development task.
User Story:
As an OSCAL user, I would like the NIST SP800-53r5 electronic control catalog to incorporate the additional data contained within the Summary tables of Appendix C of the PDF version to be included within the OSCAL representation of the catalog. This data would consist of the "Implemented By" notional guidance (either organization, system or both), and whether or not the control provides assurance. (the "Assurance" column) This would probably best be handled as additional properties of the control objects.
Goals:
For any (not withdrawn) SP800-53r5 control, it would be possible, in a machine consumable way, to determine if the control is listed as providing assurance within Appendix C of the PDF version, and whether the control is indicated as typically implemented by the organization, the system, or both/either the organization and system. If implemented using properties on the control, then the properties of control 'ac-1' might appear as below.
Dependencies:
None known.
Acceptance Criteria
The text was updated successfully, but these errors were encountered: