Add community-maintained NIST SP 800-171 catalog #34
Add @matt-f5's new catalog as announced in usnistgov/oscal-content#150.
@xee5ch thanks for doing this!!
@matt-f5 - I would like to provide some clarification around closing (for now) the usnistgov/oscal-content, issue #150 and moving it here. If NIST publishes the content in a NIST owned repository, NIST (aka data owners) is (are) responsible for ensuring the quality of the information, possible errors, maintenance of the data, etc. and since there is already a call for proposed updates to 800-171, changes to the data are anticipated soon. We (OSCAL team) are very excited to see your initiative, and we hope you understand the reasons for current closing of the issue while moving it here. The 800-53 is provided with support from the data owners (RMF) team. If you would like to further discuss this, and to explore how your work can be made visible to the community, I would be happy to have a call with you. For example, if you want to present your catalog, your plan for updates, or to call for collaboration, you can present it at one of our upcoming OSCAL mini workshops (monthly workshop). Please feel free to reach out at michaela at nist dot gov
@@ -13,6 +13,8 @@ Before contributing, please review the [Contribution Guidelines](https://github. | |||
|
|||
- [CMS Acceptable Risk Safeguards](https://github.com/CMSgov/ars-machine-readable): the tailored profiles and catalog of adapted NIST SP 800-53 controls used by the Centers for Medicare and Medicaid Services in OSCAL format. Perhaps the first OSCAL content released by a US government agency other than NIST, separate of collaboration with FedRAMP. | |||
|
|||
- [Fathom5 SP 800-171 Catalog](https://github.com/FATHOM5/oscal/tree/main/content/SP800-171/oscal-content): the community-maintained version(s) of the NIST SP 800-171 catalog created by Fathom5. |
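Review bot: the added Fathom5 entry reads "the community-maintained version(s) of the NIST SP 800-171 catalog created by Fathom5", which leaves it unclear who maintains the content and does not say that it is not published by NIST. Suggest rewording the description so it states plainly who authors and maintains the catalog and that it is unofficial, so readers of the list do not take it for authoritative SP 800-171 OSCAL content. The link also points at `tree/main`, so what it resolves to can change after this entry is reviewed; a short note on that, or a link to a tagged release if one exists, would help consumers who pull control data from it.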
Suggestion: Fathom5's OSCAL version of NIST SP 800-171 Catalog
I also wonder if the description statement is endorsed by the FATHOM5 team. Is this catalog maintained by them, or by the community?
Sorry I didn't respond sooner, hi @iMichaela. I merged this long before you gave the PR feedback. Apologies!
If you are still interested, feel free to open a PR and I will merge in.
> I also wonder if the description statement is endorsed by the FATHOM5 team. Is this catalog maintained by them, or by the community?

I have no idea, this is just a listing of community created (and maintained?) content. Unless stated otherwise, I presume they (Fathom5) made it since it is in their GitHub organization and they have documentation and ongoing development for and with it.
Maybe @matt-f5 can elaborate?
Just for the record about oscal.club and the community effort. I saw the NIST team closed usnistgov/oscal-content#150, but it was not moved here. I, as clubhouse manager, saw the surprise announcement of a community member presenting their own version of the catalog and wanted to cite where I found it. That is why there is issue cross-linking in GH, but the creation of this issue coincides with the official NIST one, it has no official relationship. Just wanted to be clear. I added lists of OSCAL content from community members here when I find them because I (and I presume the rest of the community) am happy to see them.
@xee5ch @iMichaela responding to all the above comments... I appreciate the addition to the Awesome OSCAL list and agree this is the best place to highlight it, as community-driven content. Fathom5 did create and does maintain the content in our repo, and we certainly welcome broader community contributions. Either of your recommended descriptions is good with us! Based on the discussion in usnistgov/oscal-content#150, it makes sense that the official 800-171 maintainers from NIST should be the ones to approve publication of official OSCAL content. Now that I know it's a separate team, I'll be reaching out to them directly. In the meantime, I hope this can at least serve the community as an unofficial starting point :)