Site Redesign
Breaking News: A New Year, a New Look
Hello to and from the OSCAL Club Community. The community is small and determined, but even for the smallest of communities an easily editable website is key. So here we are! In order to allow those members passionate about compliance and security to contribute to the site directly, developer or not, I introduce the brand new site!
What Changed?
The new website not only has some minor stylistic improvements, but big functionality enhancements.
-
The use of the US Web Design System, for a crisp look but also one that is accessible for as many users as possible.
-
The adoption of Gatsby and React platform, to allow for easily adaptable styling and interactivity that many web developers will find comfortable.
-
Most importantly, the migration to Netlify and NetlifyCMS as a backend. This migration allows preview versions of the website before a pull request is reviewed, all without a full developer environment on their computer.
So, get started today! You can simply click the Help fix this site link in the upper right-hand corner.
Even I missed some things and had to fix them after the launch, you can check them out the changes I made with NetlifyCMS here.
Oh, and expect more blog post series on the intersection of OSCAL and other topics soon. The new workflows will benefit all of us.
As we like to say in the OSCAL Club Community:
World unification equals world domination, have a nice day!
Hopfully, I will get feedback from you soon. (Hey, see what I did there? I look forward to the first fix!)
OSCAL Is a Noun, You Bring the Verbs
As I watch the OSCAL community expand, I am excited to see an explosive growth in the quantity and quality of OSCAL-based projects. There are many kinds of people involved in OSCAL projects, and I have the wonderful privilege of talking to these many kinds of people, all in different steps of their OSCAL journey. One theme I hear increasingly often from those who have built expertise in OSCAL and get questions from the uninitiated is: OSCAL is a noun, not a verb, why do people not get that!?
With the first production release of OSCAL 1.0.0 in June 2021, there was an understandable desire and pressure in the last year to meet industry demand and implement solutions that bake in OSCAL goodness. During the last year, many developers, security specialists, and executive security leadership embarked on their OSCAL journey. As OSCAL novices, they internalize their own journey and ask a simple question of everyone around them.
How do I OSCAL?
This question conveys the best of intentions, but is still problematic. Using the word OSCAL as a verb implies it has agency, that OSCAL can inherently do things for you. Symbolically and metaphorically, maybe it can. But practically speaking, OSCAL is not an agent of change. It is simply a medium. You can hope that it is a verb, wishfully believing it is a change agent and absolves us from worthwhile challenge of understanding its concepts and internalizing them into your own security program. But that hope is misplaced.
OSCAL, at its core, is an information model (what data make up a system security plan?) and data models (how do I encode the data that makes up a system security plan in JSON? In XML? In YAML?). By definition, these things are nouns.
So what does this small wording change and mindset afford you? A whole lot! OSCAL, in its information models and data models, is a catalyst for all the different kinds of people in the security industry to empower themselves. OSCAL, as the official documents say today, is data-centric, integrated, extensible, and automated. These tenets represent a central theme: data ownership. So, you need to focus on the actual questions.
What am I doing with OSCAL?
How does my security data and workflows fit with OSCAL?
How do I make OSCAL work for my security program?
OSCAL is a noun, you bring the verbs. And this means you own the data and make it work for you.