# OSCAL Communication, Education & Participation Plan
## Strategic Plan Item(s)
-- 1.ix Develop and implement an OSCAL Communication, Education & Participation Plan by **1/31/23** designed to grow program (simple and accessible) and targeted to multiple interested parties (developers, users, etc.) w/ defined hand-offs.
-- 1.ix.a - Define what stakeholders should be educated on by **1/31/23**, execute and measure success – **on-going**.
## Type of meetings
### A. Based on Delivery Model
1- Organized by NIST OSCAL Team and opened to the public
2- Organized by the community (e.g. Mid-Atlantic OSCAL Meetup)
3- Requested by organizations and delivered to members of the requesting entity.
### B. Based on the Educational Level
1- Level 100 [New-to-OSCAL](https://hackmd.io/QxU6N2yVQgCmJ7bCV00PsQ)
2- Level 200
3- Level 300
### C. Based on Delivery Format
1- In person
2- Virtual
## 2023 Events
May 24-25 Annual OSCAL Conferences and Workshop
# Notes and Ideas
## Improve Onboarding
Two categories of activities:
- things we do ourselves with no support from NIST beyond infrastructure
- e.g. Gitter availability, tutorials on the site, regular Bluejeans events.
- more formal, larger, better documented and recorded activities
- workshops, public events, videos etc.
Both categories of activities are important and we will work towards supporting them. WE are proposing to start with self-organized, one-hour, bi-monthly, introduction presentations, while developing activities and material that require support from NIST PBA, AV, CLC.
### Design and create educational intro videos (NIST PBA help)
- Research how other teams at NIST (e.g. CSF, RMF, Privacy Framework)handle outreach
- Existing examples:
- CLC Course for RMF: https://doc.csod.com/ui/lms-learning-details/app/curriculum/76941c27-e56a-4362-989b-042a5dc7ecbb
- CSF video: https://www.youtube.com/watch?v=J9ToNuwmyF0
- Privacy framework video: https://www.youtube.com/watch?v=izdDPlEmhJc
- Based on other programs' educational material developed by NIST, we plan of following the same pattern for OSCAL and engage PBA to generate educational mini-videos and provide a series of training videos through DoC's CLC.
-
- How to broaden outreach / availability? - We ionitiated conversation with different entitties (local and abroad), such as local community involved in Meet Ups and international community (I-4 - Internatioanl Information Integrity Institute, London, UK and CNCF, UK) to educate and support them on building and educating the local community.
### Launch series of educational courses (presented and/or recorded)
- Create a new-to-oscal series of courses and recordings
- Possibly divide it into "levels" (i.e. "OSCAL 101 - What is Risk Management", or "OSCAL 201 - How are OSCAL models derived")
- **Work with AV team to clean up and promote presentations after the fact for publication on YouTube or NistTube**
- Do we host meetings formally (with "certs") or just informal meetings like we have now
- Host a discussion page to vote on new topics (++metrics)
- Release tutorials in parallel with presentations?
- Rather than formal programs what about informal regular open-ended sessions - "OSCAL Office Hours" to talk about whatever?
- schedule them with demos
- Identify tutorial areas that are missing and which could support this effort if created
- actions related to P1.ix.b)ix:
- Develop and implement an OSCAL Communication, Education & Participation Plan by 1/31/23 designed to grow program (simple and accessible) and targeted to multiple interested parties (developers, users, etc.) w/ defined hand-offs.
b.Develop simplified OSCAL tutorials (based on community input), workshops, blogs, support group, etc. by 3/31/23, inclusive of needs, costs, and identification. (Michaela, AJ, Arminta)
- Feedback from community (++metrics)
- How do we go broader than just GitHub discussions?
- Reduce Github dependency (In the old days we had mailing lists. Then there were blogs. What do we have today?)
- Or dependency on any single platform
- **Google Forms**??
- "We're planning our next work and are trying to prioritize, here is a list of tutorials we have and a list of tutorials that are planned, what are we missing and how do we prioritize them?"
- Poll people during events?
- We need to be aware of our valuable 'lurker' community, who also need help (i.e. prioritize publishing in the open not privileged access)
### Develop a certification program
- Work with ISC2 and/or I-4 or CSA to develop an OSCAL certification program.
## Improve Metrics
- tutorial community feedback
- new-to-oscal topic meetings