Archi Forum

Discussion Boards => General Archi Discussion => Topic started by: bigyin on March 26, 2020, 12:18:55 PM

Title: OSCAL Imports
Post by: bigyin on March 26, 2020, 12:18:55 PM
Has anyone looked at how and if architool could import control frameworks (for us enterprise security architects) specifically the importation of OSCAL files, defined by NIST  https://pages.nist.gov/OSCAL/ in JSON, YAML, or XML .

While my initial interest is in 800-53, if successful this will allow importation of NIST CSF, ISO 27002, PIC, CMMI, COBIt, Cloud CSF and other control frameworks.

In turn if vision is realised can be use define component level security controls.

Any interested in this approach
Title: Re: OSCAL Imports
Post by: Phil Beauvoir on March 26, 2020, 17:19:00 PM
I'm not familiar with those frameworks but the general rule is that if the data can be mapped to ArchiMate concepts (and perhaps Views) then it will be a case of the implementer writing an Archi plug-in to read in a data file, map it, and generate an Archi model from that. This is how the ArchiMate Exchange Format extension works, and the CSV import. Technically possible if someone wanted to do it.
Title: Re: OSCAL Imports
Post by: Phil Beauvoir on March 30, 2020, 07:48:59 AM
I forgot to say, that it should be possible to write a jArchi script to do this, providing one can read in the original data.
Title: Re: OSCAL Imports
Post by: secarch on May 06, 2020, 14:07:06 PM
I am also interested to use the OSCAL plugin for security stakeholders.   
Title: Re: OSCAL Imports
Post by: Steven Bradley on August 13, 2020, 12:42:14 PM
I've already created an Archi model of the Final Public Draft of NIST 800-53r5 - laid out visually by hand but populated from the OSCAL xml

I'm waiting for the final version before publishing it.
Title: Re: OSCAL Imports
Post by: squonk on August 18, 2021, 20:15:39 PM
Hello Steven,

Is it possible for you to share the Archi model of 53r5?   :)