# PILLAR 1: PKI (a,b)
# Increase Active Participation (1.a)
**Deadline**: #12-31-2023
**Responsible Parties**: #Michaela
**Status**: #EPIC
Related: [[1]] [[1-b]] [[1-ii]] [[PKI]]
_Increase instances of active participation by external contributors in official feedback media rate by average of 20% by 12/31/23. (Michaela owns clarifying).
This document defines one of the Participation Key Indicators, namely, the #PKI-1 = "increase rate of the external participation", For a full list, see [[PKI]].
The Strategic Plan lists this PKI as:
- _External contributors in official feedback media rate = 20%_
#DONE:
- Clarify how to measure the 20%
### PKI-1 Definition
The Strategic Plan defines: #PKI-1 as:
PKI-1 = The overall participation ration increase of the external contributors.
Per the Strategic Plan, the #PKI-1 is expected to increase by 20% / year
### Considerations
Community members participation takes multiple forms:
-A. Participation in NIST-hosted meetings
-B. Participation in community-organized events (e.g. OSCAL Meetup)
-C. Subscriptions to OSCAL mailing lists
-D. Traffic in OSCAL communication channels
#### A. Participation is NIST-hosted meetings
-Participation in meetings may vary based on:
-A.1 the type of the meeting
-A.2 level of promotion from NIST
-A.3 level of promotion from the (external) speaker (when applicable)
-A.4 Impactful Federal holidays
-A.5 Incidentals (health issues, speaker's cancelations, technical issues)
Types of OSCAL Meetings
- working meetings targeting existing community members
- research
- engineering
- mini recurring events - targeting existing members and/or potential new members
- mini OSCAL workshops - events that facilitate community members' presentations introducing their solutions sharing
- educational workshops (new series - no base data)
#### B.participation in Community-organized Events
It might be challenging obtaining the data about the participants.
#### C.Subscriptions to OSCAL Mailing Lists
**Calculating PKI-1 for Mailing List Subscribers**
Suggested PKI-1 = "increase rate of the external participation" should not simply count the individuals since an individual often represents an organization, and the size of the organization, and its potential to propagate the OSCAL to its customers is essential to a broader OSCAL adoption, then the PKI-1 should factor in the organization's size.
If a meaningful quantification is in scope, and the size of the organization needs to be factored into PKI-1, I propose a categorization of the organizations the members represent, and a normalized weight added to the calculation based on the generic size of the organization or individual:
-mega, (over 10000 employees)
-> weight = log(company size) or 4 to simplify the calculation.
NOTE: log(10000)=4
-large, (1000 - 9999 employees)
-> weight = log(company size) or 3 to simplify the calculation
-medium, (100 - 999 employees)
-> weight = log(company size) or 2 to simplify the calculation
-small, (10 - 99 employees)
-> weight = log(company size) or 1 to simplify the calculation
-very small (1-9) or private individuals (1 employee or private individual)
-> weight = 0.9
It is also important to note that a simple percentage of increase will always depend on the size of the community, and the more the base growth, one percentage will represent a larger number of new members. 20% of 100 members is 20 new members. 20% of 1000 members is 200 new members, and such a snow balling increase appears not reasonable if one thinks that a global (total) security community as a whole is more likely constant. In this case the closer one gets to the full size of the community, the slower the increase rate calculated as proposed will be since the remaining entities is decreases until it reaches zero..
I am proposing a normalization of the base number of existing members (100/nr-of-members) and in this way we always calculate PKI-1 relative to 100, and aim a minimum 20% increase relative to the normalized base.
**Synthetic example:**
Nr of oscal-dev members on Dec 31, 2022: 150 members
New Jan 2023 members: 3 private individuals, 2 small company members (company sizes 50 and 90), 1 mega (company size 20,000):
A weighted total number of new members will be:
3 x 0.9 + 1 x log(50) + 1 x log(90) + 1 x log(20000) = 1.5 + 1.7 + 1.95 + 4.3 = 9.45 weighted new members.
Relative to 100 members (with normalization) this weighted increases represents 9.45%, but relative to the raw number of existing members (150), this increase represents only 6.(6)%. As the community grows, without normalization, each quarterly quantification (percentage) will be lower and lower when the concrete number remains constant or even when it increases.
_NOTE: A normalization of the PKI-1 in this case is equivalent to a weighted determination of the new subscribers.
#### D. Traffic in OSCAL Communication Channels
Can Gitter API be used to develop a bot that will provide the necessary analytics? On Feb 6 Gitter will be migrated to Matrix ([details migration](https://blog.gitter.im/2023/01/16/gitter-is-going-fully-native-matrix-in-feb-2023/)) . New Gitter API details: [https://spec.matrix.org/latest/client-server-api/](https://spec.matrix.org/latest/client-server-api/).
# Audience's Diversity (1.b)
**Deadline**: #quarterly
**Responsible Parties**: #Michaela
**Status**: #EPIC
Related: [[1]] [[1-a]] [[PKI]]
_Look at the diversity of audience (FedRAMP vs non-FedRAMP) to achieve 5% each quarter.
This document defines the Participation Key Indicator #PKI-2 A complete list is available in the [[PKI]]:
The Strategic Plan requests:
- _Diversity of audience increase: 5% /quarter_
NOTE: A 5%/quarter expected PKI-2 is more than the PKI-1 expectation of 20%/year)
### PKI-2 Definition
The Strategic Plan defines: #PKI-2 as:
PKI-2 = The increase rate of the audience's diversity (non-FedRAMP vs FedRAMP).
Per the Strategic Plan, the #PKI-2 is expected to increase by 5% / quarter (FedRAMP vs non-FedRAMP).
#PKI-2 will look at the #PKI-1 data and aim to determine if the new community members are doing business with FedRAMP and if their interest in OSCAL is related to FedRAMP's security automation with OSCAL. The expectation is that the ratio of the members not related to FedRAMP vs the members related to FeDRAMP to increase by 5% each quarter.
# References:
https://www.google.com/maps/d/u/1/edit?mid=1utgSBkKlHbxQ9JbOL8Y5RXNytrq8X-4&ll=-2.290194918155379%2C0&z=2