Cloud Controls Matrix

  • 1.  Metrics Catalogue and NIST OSCAL

    Posted 23 days ago
    Good morning,

    I've been over the current metrics specification and catalogue. Very nice work! I have recently began exploring NIST's OSCAL project. The standards included seem to be geared solely towards 800-53 and FedRamp, and there is no mention of "Continuous Audit" activities, at least not that I have seen.

    Is there an ongoing effort to attempt to integrate the Continuous Audit Metrics, or even STAR & CCMv4, into the OSCAL ecosystem?

    ------------------------------
    [Bruce] [Lavoie] [Developer]
    [Developer]
    [Egyde-KPMG]
    [Montreal] [Quebec]
    ------------------------------


  • 2.  RE: Metrics Catalogue and NIST OSCAL

    Posted 20 days ago
    Dear members,
    My colleague Alain Pannetrat, manager of the Continuous Metrics WG, has replied to this post, which has been reposted here.
    Best regards,
    Lefteris

    ------------------------------
    Eleftherios Skoutaris
    Program Manager
    Cloud Security Alliance
    ------------------------------