Design simplified system lifecycle for example system in tutorials #1893
Comments
Michaela brought up during issue triage and backlog review to consider using ISO/IEC 27005 or alignment with it in the lifecycle we will design.
Maybe - simplified, and just a slice of the whole:
Work on this issue is ongoing but incomplete. It will be needed to move onto the next sprint.
Team needs to review and provide feedback by Wednesday (15th) for sprint planning. If all is good we can merge.
The proposed simplified system lifecycle lists Select (controls), Implement (controls), and Assess (controls) as Risk Management, but it only covers Risk Treatment and Risk Control. As long as the example indicates it, the steps are well aligned with the OSCAL Models. Below is a slightly enhanced system lifecycle which can also demonstrate the system's monitoring with OSCAL:
ToDo: Document the simplified system lifecycle in an ADR and close the issue.
User Story
As a developer or system engineer writing software using OSCAL for security automation, I would like a simpler, example system lifecycle.
In this issue, we will design a simple system lifecycle (as opposed to the SDLC implied by the seven-step SP 800-37 Risk Management Framework) to simplify the demonstration of different OSCAL use cases.
(NOTE: This issue is part of a value stream for tutorial improvements.)
Goals
Non-goals
Dependencies
No response
Acceptance Criteria
Revisions
No response