Support OSCAL POA&M Export #30

Open
xee5ch opened this issue Aug 23, 2022 · 3 comments
Labels
enhancement New feature or request

Comments

@xee5ch

xee5ch commented Aug 23, 2022

First time caller, long-time listener from oscal.club. Hello! I like this app, but had not noticed this gem in the Risk Redux portfolio until I heard people mention it today. Would you be interested in adding OSCAL POA&M export? Let me know and I can try to dust off my RoR knowledge and chip in, or just cheer from the sidelines, whatever works with this project.

Either way, very nice work!

@egyptiankarim
Contributor

> Would you be interested in adding OSCAL POA&M export?

Oh! I like that idea! How would you imagine something like that working, exactly, though? Are you thinking it'd be augmenting the "recommendations" we capture as a part of the objects we create in risqué? Or are you thinking more like a totally separate app that can be used to draft up POAMs on their own? I can potentially see either working really well, but the separate app idea feels like a more flexible approach.

@egyptiankarim egyptiankarim added the enhancement New feature or request label Sep 27, 2022
@xee5ch
Author

xee5ch commented Oct 1, 2022

> Oh! I like that idea! How would you imagine something like that working, exactly, though? Are you thinking it'd be augmenting the "recommendations" we capture as a part of the objects we create in risqué? Or are you thinking more like a totally separate app that can be used to draft up POAMs on their own? I can potentially see either working really well, but the separate app idea feels like a more flexible approach.

This is interesting. I was thinking more towards the former. The latter is a big lift (or a significant shift from the current vision of the app), right? Let me play around with the app and get back to you maybe? :-)

@xee5ch
Author

xee5ch commented Oct 1, 2022

I'd say one of the bigger issues, after quickly reorienting myself and playing with Risque (love the simplicity in UX and interface, BTW), is that OSCAL is systemic and wants to make a POA&M that links back to an Assessment Result (AR), and that AR to an Assessment Plan (AP), and that AP should link back to an SSP describing the system assessed. I think I need to investigate how much "stuff" you can get away with in only a POA&M if you want and stub out saying "we have UUIDs for those things from another API or tool, I am an expert user" or just leave them blank for now.

Anyway, this is an interesting challenge to explore. I guess I could come up with some ideas and you can tell how reasonable or unreasonable that is for the context of this app?
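The stub-out question raised in the last comment, sketched as an added example (not code from Risqué or from either participant): it builds a POA&M-shaped JSON document from recommendation records, includes the SSP back-link only when the caller supplies one, and reports references that do not resolve. The record fields, function names and `oscal-version` value are assumptions, and the key names follow the OSCAL 1.x POA&M JSON model as understood here, so validate the output against the NIST schema before relying on it.

```ruby
require "json"
require "securerandom"
require "time"

# Constructed sample input: hypothetical stand-ins for recommendation records,
# not Risqué's actual data model.
SAMPLE_RECOMMENDATIONS = [
  { title: "Enforce MFA for admin console", detail: "Admin logins accept password only." },
  { title: "Rotate backup encryption keys", detail: "Keys have not been rotated since deployment." }
].freeze

# Build a POA&M hash. ssp_href is optional: when nil, the import-ssp
# back-link is omitted rather than filled with a made-up reference.
def build_poam(recommendations, title:, ssp_href: nil, now: Time.now.utc)
  raise ArgumentError, "at least one recommendation is required" if recommendations.empty?

  pairs = recommendations.map do |rec|
    risk_uuid = SecureRandom.uuid
    risk = { "uuid" => risk_uuid, "title" => rec[:title], "description" => rec[:detail],
             "statement" => rec[:detail], "status" => "open" }
    item = { "uuid" => SecureRandom.uuid, "title" => rec[:title], "description" => rec[:detail],
             "related-risks" => [{ "risk-uuid" => risk_uuid }] }
    [risk, item]
  end

  body = {
    "uuid" => SecureRandom.uuid,
    "metadata" => { "title" => title, "last-modified" => now.iso8601,
                    "version" => "0.1", "oscal-version" => "1.0.4" } # assumed target version
  }
  body["import-ssp"] = { "href" => ssp_href } if ssp_href
  body["risks"] = pairs.map(&:first)
  body["poam-items"] = pairs.map(&:last)
  { "plan-of-action-and-milestones" => body }
end

# Report whether the SSP back-link is present, and list any risk UUIDs that
# poam-items reference but the document does not define.
def link_report(poam)
  body = poam.fetch("plan-of-action-and-milestones")
  known = body.fetch("risks", []).map { |r| r["uuid"] }
  dangling = body.fetch("poam-items").flat_map do |item|
    item.fetch("related-risks", []).map { |r| r["risk-uuid"] }.reject { |u| known.include?(u) }
  end
  { ssp_linked: body.key?("import-ssp"), dangling_risk_refs: dangling }
end
```

`JSON.pretty_generate(build_poam(SAMPLE_RECOMMENDATIONS, title: "Constructed POA&M"))` yields the export text, and `link_report` on the same hash shows which back-links were left out.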
