Has anyone looked at how and if architool could import control frameworks (for us enterprise security architects) specifically the importation of OSCAL files, defined by NIST https://pages.nist.gov/OSCAL/ in JSON, YAML, or XML .
While my initial interest is in 800-53, if successful this will allow importation of NIST CSF, ISO 27002, PIC, CMMI, COBIt, Cloud CSF and other control frameworks.
In turn if vision is realised can be use define component level security controls.
Any interested in this approach
I'm not familiar with those frameworks but the general rule is that if the data can be mapped to ArchiMate concepts (and perhaps Views) then it will be a case of the implementer writing an Archi plug-in to read in a data file, map it, and generate an Archi model from that. This is how the ArchiMate Exchange Format extension works, and the CSV import. Technically possible if someone wanted to do it.
I forgot to say, that it should be possible to write a jArchi script to do this, providing one can read in the original data.
I am also interested to use the OSCAL plugin for security stakeholders.
I've already created an Archi model of the Final Public Draft of NIST 800-53r5 - laid out visually by hand but populated from the OSCAL xml
I'm waiting for the final version before publishing it.
Is it possible for you to share the Archi model of 53r5? :)