Details about international standardization of OSCAL?

[aj-stein-gsa]

Hello @iMichaela and NIST Team,

First off, congrats again for the 1.1.3 release. Keep 'em coming!

I was reviewing an email about the recent publication to the oscal-dev mailing list, and I noticed another mention of preparation for international use and standardization.

Dear OSCAL Community members,

NIST OSCAL Team would like to thank all our community members for their continuous support to NIST OSCAL Program and to our mission of maturing an “OSCAL for all” while preparing it for international standardization.

As Thanksgiving nears, our team would like to express our gratitude and to acknowledge that our success is not possible without your dedication and professionalism when supporting our efforts.

...

I looked in GitHub, my email archives, and the NIST websites. I find summarized description of standardization effort, but no details. What SDO will standardize it and what process will they use? Has this process started?

(NOTE: I would link to the original thread in the Google Groups thread in web view on list.nist.gov, but it appears that, like GSA, only NIST staff can deep link and access the mail list archives through the web interface. I am not sure you know about that, but I learned today the NIST mailing lists are sadly the same for me now that I left NIST. It means outside community members cannot see the history of list messages before they were subscribed.)

[iMichaela]

The intention of maturing OSCAL and submission to an international standards body was the long-term plan even when you were part of the NIST team. It was never a secret. It is not going to happen tomorrow. We will work with interested members of the community using a transparent process.

NIST mailing lists' security configurations are not managed by each list owner. But I will check again the configurations I have access to.

[aj-stein-gsa]

No worries about the mailing list, that issue I understand, I was just explaining I had to copy-paste, not directly link to the original source.

I will take the statement "We will work with interested members of the community using a transparent process." to indicate it is a future goal and it has not started yet. Thanks for your answer.