OSCAL Imports

Started by bigyin, March 26, 2020, 12:18:55 PM


bigyin

Has anyone looked at how and if architool could import control frameworks (for us enterprise security architects), specifically the importation of OSCAL files, defined by NIST (https://pages.nist.gov/OSCAL/), in JSON, YAML, or XML?

While my initial interest is in 800-53, if successful this will allow importation of NIST CSF, ISO 27002, PIC, CMMI, COBIT, Cloud CSF and other control frameworks.

In turn, if the vision is realised, it can be used to define component-level security controls.

Anyone interested in this approach?

Phil Beauvoir

I'm not familiar with those frameworks but the general rule is that if the data can be mapped to ArchiMate concepts (and perhaps Views) then it will be a case of the implementer writing an Archi plug-in to read in a data file, map it, and generate an Archi model from that. This is how the ArchiMate Exchange Format extension works, and the CSV import. Technically possible if someone wanted to do it.
If you value and use Archi please consider making a donation! https://www.archimatetool.com/donate

Phil Beauvoir

I forgot to say, that it should be possible to write a jArchi script to do this, providing one can read in the original data.
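An added example, not part of the thread and not code from Archi or NIST: the "read in the data and map it" step for an OSCAL catalog in JSON, written as plain JavaScript so it can be reused from a jArchi script. The mapping (groups to `grouping`, controls to `requirement`, nesting to `composition-relationship`), the function name and the sample catalog are assumptions made for illustration.

```javascript
// Constructed sample in OSCAL catalog JSON shape (not real 800-53 content).
const sampleCatalog = {
  catalog: {
    uuid: "00000000-0000-4000-8000-000000000000",
    metadata: { title: "Constructed sample catalog" },
    groups: [{
      id: "ac", class: "family", title: "Access Control",
      controls: [{
        id: "ac-2", title: "Account Management",
        controls: [{ id: "ac-2.1", title: "Automated Account Management" }]
      }]
    }, {
      id: "au", class: "family", title: "Audit and Accountability",
      controls: [{ id: "au-2", title: "Event Logging" }]
    }]
  }
};

// Hypothetical helper. Assumed mapping: groups -> "grouping", controls ->
// "requirement", nesting -> "composition-relationship". Also assumes every
// group and control carries an id and a title; anything else is rejected.
function oscalToArchiRecords(doc, maxDepth = 8) {
  if (!doc || typeof doc.catalog !== "object" || doc.catalog === null) {
    throw new Error("not an OSCAL catalog document");
  }
  const elements = [], relationships = [], seen = new Set();

  function visit(node, type, parentId, depth) {
    // An import file is untrusted input: bound recursion and reject bad ids.
    if (depth > maxDepth) throw new Error("nesting deeper than " + maxDepth);
    if (typeof node.id !== "string" || typeof node.title !== "string") {
      throw new Error("group/control without string id and title");
    }
    if (seen.has(node.id)) throw new Error("duplicate id: " + node.id);
    seen.add(node.id);
    elements.push({ type, id: node.id, name: node.id.toUpperCase() + " " + node.title });
    if (parentId !== null) {
      relationships.push({ type: "composition-relationship", source: parentId, target: node.id });
    }
    for (const g of node.groups || []) visit(g, "grouping", node.id, depth + 1);
    for (const c of node.controls || []) visit(c, "requirement", node.id, depth + 1);
  }

  for (const g of doc.catalog.groups || []) visit(g, "grouping", null, 1);
  for (const c of doc.catalog.controls || []) visit(c, "requirement", null, 1);
  return { elements, relationships };
}
```

A jArchi script would then walk the returned `elements` and `relationships` and create the corresponding model objects, keeping the OSCAL id so each element can be traced back to its control.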

secarch

I am also interested in using the OSCAL plugin for security stakeholders.

Steven Bradley

I've already created an Archi model of the Final Public Draft of NIST 800-53r5 - laid out visually by hand but populated from the OSCAL XML.

I'm waiting for the final version before publishing it.

squonk

Hello Steven,

Is it possible for you to share the Archi model of 53r5? :)