# OSCAL Communication, Education & Participation Plan

## Strategic Plan Item(s)

- 1.ix Develop and implement an OSCAL Communication, Education & Participation Plan by **1/31/23** designed to grow program (simple and accessible) and targeted to multiple interested parties (developers, users, etc.) w/ defined hand-offs.
  - 1.ix.a - Define what stakeholders should be educated on by **1/31/23**, execute and measure success – **on-going**.

## Type of meetings

### A. Based on Delivery Model

1. Organized by NIST OSCAL Team and opened to the public
2. Organized by the community (e.g. Mid-Atlantic OSCAL Meetup)
3. Requested by organizations and delivered to members of the requesting entity.

### B. Based on the Educational Level

1. Level 100 [New-to-OSCAL](https://hackmd.io/QxU6N2yVQgCmJ7bCV00PsQ)
2. Level 200
3. Level 300

### C. Based on Delivery Format

1. In person
2. Virtual

## 2023 Events

May 24-25 Annual OSCAL Conferences and Workshop

# Notes and Ideas

## Improve Onboarding

Two categories of activities:

- things we do ourselves with no support from NIST beyond infrastructure
  - e.g. Gitter availability, tutorials on the site, regular Bluejeans events.
- more formal, larger, better documented and recorded activities
  - workshops, public events, videos etc.

Both categories of activities are important and we will work towards supporting them. We are proposing to start with self-organized, one-hour, bi-monthly, introduction presentations, while developing activities and material that require support from NIST PBA, AV, CLC.

### Design and create educational intro videos (NIST PBA help)

- Research how other teams at NIST (e.g. CSF, RMF, Privacy Framework) handle outreach
  - Existing examples:
    - CLC Course for RMF: https://doc.csod.com/ui/lms-learning-details/app/curriculum/76941c27-e56a-4362-989b-042a5dc7ecbb
    - CSF video: https://www.youtube.com/watch?v=J9ToNuwmyF0
    - Privacy framework video: https://www.youtube.com/watch?v=izdDPlEmhJc
  - Based on other programs' educational material developed by NIST, we plan to follow the same pattern for OSCAL and engage PBA to generate educational mini-videos and provide a series of training videos through DoC's CLC.
- How to broaden outreach / availability?
  - We initiated conversations with different entities (local and abroad), such as local community involved in Meet Ups and international community (I-4 - International Information Integrity Institute, London, UK and CNCF, UK) to educate and support them on building and educating the local community.

### Launch series of educational courses (presented and/or recorded)

- Create a new-to-oscal series of courses and recordings
  - Possibly divide it into "levels" (i.e. "OSCAL 101 - What is Risk Management", or "OSCAL 201 - How are OSCAL models derived")
  - **Work with AV team to clean up and promote presentations after the fact for publication on YouTube or NistTube**
  - Do we host meetings formally (with "certs") or just informal meetings like we have now?
  - Host a discussion page to vote on new topics (++metrics)
  - Release tutorials in parallel with presentations?
  - Rather than formal programs what about informal regular open-ended sessions - "OSCAL Office Hours" to talk about whatever?
    - schedule them with demos
- Identify tutorial areas that are missing and which could support this effort if created
  - actions related to P1.ix.b)ix:
    - Develop and implement an OSCAL Communication, Education & Participation Plan by 1/31/23 designed to grow program (simple and accessible) and targeted to multiple interested parties (developers, users, etc.) w/ defined hand-offs.
    - b. Develop simplified OSCAL tutorials (based on community input), workshops, blogs, support group, etc. by 3/31/23, inclusive of needs, costs, and identification. (Michaela, AJ, Arminta)
- Feedback from community (++metrics)
  - How do we go broader than just GitHub discussions?
  - Reduce GitHub dependency (In the old days we had mailing lists. Then there were blogs. What do we have today?)
    - Or dependency on any single platform
  - **Google Forms**??
    - "We're planning our next work and are trying to prioritize, here is a list of tutorials we have and a list of tutorials that are planned, what are we missing and how do we prioritize them?"
  - Poll people during events?
  - We need to be aware of our valuable 'lurker' community, who also need help (i.e. prioritize publishing in the open not privileged access)

### Develop a certification program

- Work with ISC2 and/or I-4 or CSA to develop an OSCAL certification program.

## Improve Metrics

- tutorial community feedback
- new-to-oscal topic meetings