Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add community-maintained NIST SP 800-171 catalog #34

Merged
merged 1 commit into from
Nov 1, 2022
Merged

Add community-maintained NIST SP 800-171 catalog #34

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ Before contributing, please review the [Contribution Guidelines](https://github.

- [CMS Acceptable Risk Safeguards](https://github.com/CMSgov/ars-machine-readable): the tailored profiles and catalog of adapted NIST SP 800-53 controls used by the Centers for Medicare and Medicaid Services in OSCAL format. Perhaps the first OSCAL content released by a US government agency other than NIST, separate of collaboration with FedRAMP.

- [Fathom5 SP 800-171 Catalog](https://github.com/FATHOM5/oscal/tree/main/content/SP800-171/oscal-content): the community-maintained version(s) of the NIST SP 800-171 catalog created by Fathom5.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Fathom5's OSCAL version of NIST SP 800-171 Catalog

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also wonder if the description statement is endorsed by the FATHOM5 team. Is this catalog maintain by them, or by the community?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I didn't respond sooner, hi @iMichaela. I merged this longer before you gave the PR feedback. Apologies!

If you are still interested, feel free to open a PR and I will merge in.

I also wonder if the description statement is endorsed by the FATHOM5 team. Is this catalog maintain by them, or by the community?

I have no idea, this is just a listing of community created (and maintained?) content. Unless stated otherwise, I presume they (Fathom5) made it since it is in their GitHub organization they have documentation and ongoing development for and with it.

Maybe @matt-f5 can elaborate?


## Tools

- [Alex Koderman's oscal4neo4j](https://github.com/Agh42/oscal4neo4j): a collection of scripts in Neo4j's Cypher query language to load OSCAL catalog data in JSON format into its graph database, potentially for use with [the Red Team Project's Security Control Knowledge Graph](https://gitlab.com/redteam-project/sckg).
Expand Down