Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCI correlation #84

Closed
3 tasks
degthat8412 opened this issue Oct 7, 2021 · 2 comments
Closed
3 tasks

CCI correlation #84

degthat8412 opened this issue Oct 7, 2021 · 2 comments
Assignees
@david-waltermire
Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.

Comments

@degthat8412
Copy link

User Story:

Curious if this package is going to incorporate CCI correlation to control families?

Goals:

Since DISA released a correlation XML for CCI's to control family to verify STIG's and be able to related them quickly to control family, will this do the same for Rev 4 and Rev 5?

Dependencies:

{Describe any previous issues or related work that must be completed to start or complete this issue.}

Acceptance Criteria

  • All readme documentation affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
  • The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}
@degthat8412 degthat8412 added enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task. labels Oct 7, 2021
@iMichaela
Copy link
Contributor

@degthat8412 -- OSCAL catalogs and baselines maintained in this repository are the accurate representation of the NIST SP 800-53 (rev4 & 5), 800-53B (rev 5) and 800-53A (rev4 & 5) . Please note: SP 800-53 rev4 provides the baselines as well which are represented here as well.

Our team is planning to develop a model that allows a mapping like the one to Control Correlation Identifier list or CCI to be represented in OSCAL.

The updated mapping itself (the representation of DISA's CCI mapping to 800-53 rev5 controls and sub controls) when available, will, most likely, not be maintained by NIST since it is not information generated by us.

@david-waltermire
Copy link
Contributor

We are currently working on the OSCAL mapping model in PR usnistgov/OSCAL#1150 related to the OSCAL issue usnistgov/OSCAL#87. Once we have this mapping model work done, DISA will be able to publish CCI to SP 800-53 mappings using the OSCAL mapping model as @iMichaela suggested above.

@david-waltermire david-waltermire self-assigned this May 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@david-waltermire david-waltermire

Labels
enhancement The issue adds a new feature, capability, or artifact to the repository. User Story The issue is a user story for a development task.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@david-waltermire @iMichaela @degthat8412