Extending 800-53 with additional controls #60
Labels
question
Further information is requested
Comments
|
Yes. You can add new controls in a new catalog. You would then import both the original and the new catalog in the same OSCAL profile. Once resolved, the resulting catalog would contain selected controls from both source catalogs. |
|
I've captured the extra controls in a separate catalog, but for some reason the controls in the second catalog (only) are being imported twice. Below is a snippet from the profile. "imports": [
{
"href": "NIST_SP-800-53_rev5_catalog.json",
"include-all": {},
"exclude-controls": [
{
"with-ids": ["sc-19"]
}
]
},
{
"href": "cccs-catalog.json",
"include-all": {}
}
],
"merge": {
"as-is": true
}, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Canadian Centre for Cyber Security publishes a modified version of NIST 800-53. While I have been able to capture most of their modifications in an OSCAL profile using the
altersfunctionality, in some cases they have added new controls such as AC-17(400).Is there a way to capture these additional controls in a separate OSCAL catalog, and for
oscal-clito merge them into their existing NIST 800-53 structure?The text was updated successfully, but these errors were encountered: