Good morning,
I've been over the current metrics specification and catalogue. Very nice work! I have recently began exploring NIST's OSCAL project. The standards included seem to be geared solely towards 800-53 and FedRamp, and there is no mention of "Continuous Audit" activities, at least not that I have seen.
Is there an ongoing effort to attempt to integrate the Continuous Audit Metrics, or even STAR & CCMv4, into the OSCAL ecosystem?
------------------------------
[Bruce] [Lavoie] [Developer]
[Developer]
[Egyde-KPMG]
[Montreal] [Quebec]
------------------------------