oscal.club/blog
OSCAL Club Website Updates via RSS - This is the official website of the OSCAL Club community.
Active Web Watch
It has been an interesting few months in the OSCAL community. For those who follow the club on social media, like our own LinkedIn or Twitter posts or even the industry buzz more generally, you have likely observed a delightful new trend.
In those few months, more and more organizations are producing OSCAL content. NIST’s OSCAL Team, and the GSA FedRAMP program alongside them, were the few publicly producing OSCAL content, but no more. In the last few months, other important organizations in the cybersecurity industry have published.
We have seen the Center for Internet Security, U.S. government agencies like the Centers for Medicare and Medicaid Services, and even the Australian government’s Cyber Security Centre release their catalogs of security controls in OSCAL. These publications are in addition to many commercial entities advertising their use of OSCAL in the press.
These are exciting times! We in OSCAL Club want to help maintain, maybe even increase, that momentum. With that in mind, we are going to extend Awesome OSCAL to include a content section.
Sharing is an important part of any community, and especially one centered on our beloved format designed to exchange data. We hope this step will help you join us on the worldwide OSCAL journey!
As I watch the OSCAL community expand, I am excited to see an explosive growth in the quantity and quality of OSCAL-based projects. There are many kinds of people involved in OSCAL projects, and I have the wonderful privilege of talking to these many kinds of people, all in different steps of their OSCAL journey. One theme I hear increasingly often from those who have built expertise in OSCAL and get questions from the uninitiated is: OSCAL is a noun, not a verb, why do people not get that!?
With the first production release of OSCAL 1.0.0 in June 2021, there was an understandable desire and pressure in the last year to meet industry demand and implement solutions that bake in OSCAL goodness. During the last year, many developers, security specialists, and executive security leadership embarked on their OSCAL journey. As OSCAL novices, they internalize their own journey and ask a simple question of everyone around them.
How do I OSCAL?
This question conveys the best of intentions, but is still problematic. Using the word OSCAL as a verb implies it has agency, that OSCAL can inherently do things for you. Symbolically and metaphorically, maybe it can. But practically speaking, OSCAL is not an agent of change. It is simply a medium. You can hope that it is a verb, wishfully believing it is a change agent and absolves you from the worthwhile challenge of understanding its concepts and internalizing them into your own security program. But that hope is misplaced.
OSCAL, at its core, is an information model (what data make up a system security plan?) and data models (how do I encode the data that makes up a system security plan in JSON? In XML? In YAML?). By definition, these things are nouns.
So what does this small wording change and mindset afford you? A whole lot! OSCAL, in its information models and data models, is a catalyst for all the different kinds of people in the security industry to empower themselves. OSCAL, as the official documents say today, is data-centric, integrated, extensible, and automated. These tenets represent a central theme: data ownership. So, you need to focus on the actual questions.
What am I doing with OSCAL?
How do my security data and workflows fit with OSCAL?
How do I make OSCAL work for my security program?
OSCAL is a noun, you bring the verbs. And this means you own the data and make it work for you.
Hello to and from the OSCAL Club Community. The community is small and determined, but even for the smallest of communities an easily editable website is key. So here we are! In order to allow those members passionate about compliance and security to contribute to the site directly, developer or not, I introduce the brand new site!
The new website not only has some minor stylistic improvements, but big functionality enhancements.
The use of the US Web Design System, for a crisp look but also one that is accessible for as many users as possible.
The adoption of the Gatsby and React platform, to allow for easily adaptable styling and interactivity that many web developers will find comfortable.
Most importantly, the migration to Netlify and NetlifyCMS as a backend. This migration allows preview versions of the website before a pull request is reviewed, all without a full developer environment on their computer.
So, get started today! You can simply click the Help fix this site link in the upper right-hand corner.
Even I missed some things and had to fix them after the launch; you can check out the changes I made with NetlifyCMS here.
Oh, and expect more blog post series on the intersection of OSCAL and other topics soon. The new workflows will benefit all of us.
As we like to say in the OSCAL Club Community:
World unification equals world domination, have a nice day!
Hopfully, I will get feedback from you soon. (Hey, see what I did there? I look forward to the first fix!)