Cloud Controls Matrix

  • 1.  Metrics Catalogue and NIST OSCAL

    Posted Jun 13, 2022 08:55:00 AM
    Good morning,

    I've been over the current metrics specification and catalogue. Very nice work! I have recently began exploring NIST's OSCAL project. The standards included seem to be geared solely towards 800-53 and FedRamp, and there is no mention of "Continuous Audit" activities, at least not that I have seen.

    Is there an ongoing effort to attempt to integrate the Continuous Audit Metrics, or even STAR & CCMv4, into the OSCAL ecosystem?

    [Bruce] [Lavoie] [Developer]
    [Montreal] [Quebec]

  • 2.  RE: Metrics Catalogue and NIST OSCAL

    Posted Jun 16, 2022 09:21:00 AM
    Dear members,
    My colleague Alain Pannetrat, manager of the Continuous Metrics WG, has replied to this post, which has been reposted here.
    Best regards,

    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance