# PILLAR 1: PKI (a,b)

# Increase Active Participation (1.a)

**Deadline**: #12-31-2023
**Responsible Parties**: #Michaela
**Status**: #EPIC
Related: [[1]] [[1-b]] [[1-ii]] [[PKI]]

_Increase instances of active participation by external contributors in official feedback media rate by average of 20% by 12/31/23. (Michaela owns clarifying)._

This document defines one of the Participation Key Indicators, namely #PKI-1 = "increase rate of the external participation". For a full list, see [[PKI]].

The Strategic Plan lists this PKI as:
- _External contributors in official feedback media rate = 20%_

#DONE:
- Clarify how to measure the 20%

### PKI-1 Definition

The Strategic Plan defines #PKI-1 as:

PKI-1 = The overall participation ratio increase of the external contributors.

Per the Strategic Plan, #PKI-1 is expected to increase by 20% / year.

### Considerations

Community members' participation takes multiple forms:
- A. Participation in NIST-hosted meetings
- B. Participation in community-organized events (e.g. OSCAL Meetup)
- C. Subscriptions to OSCAL mailing lists
- D. Traffic in OSCAL communication channels

#### A. Participation in NIST-hosted Meetings

Participation in meetings may vary based on:
- A.1 the type of the meeting
- A.2 level of promotion from NIST
- A.3 level of promotion from the (external) speaker (when applicable)
- A.4 Impactful Federal holidays
- A.5 Incidentals (health issues, speaker's cancelations, technical issues)

Types of OSCAL Meetings
- working meetings targeting existing community members
  - research
  - engineering
- mini recurring events - targeting existing members and/or potential new members
  - mini OSCAL workshops
  - events that facilitate community members' presentations introducing and sharing their solutions
- educational workshops (new series - no base data)

#### B. Participation in Community-organized Events

It might be challenging to obtain the data about the participants.

#### C. Subscriptions to OSCAL Mailing Lists

**Calculating PKI-1 for Mailing List Subscribers**

The suggested PKI-1 = "increase rate of the external participation" should not simply count individuals. An individual often represents an organization, and the size of that organization and its potential to propagate OSCAL to its customers are essential to a broader OSCAL adoption, so PKI-1 should factor in the organization's size.

If a meaningful quantification is in scope, and the size of the organization needs to be factored into PKI-1, I propose a categorization of the organizations the members represent, and a normalized weight added to the calculation based on the generic size of the organization or individual:
- mega (over 10000 employees) -> weight = log(company size) or 4 to simplify the calculation. NOTE: log(10000)=4
- large (1000 - 9999 employees) -> weight = log(company size) or 3 to simplify the calculation
- medium (100 - 999 employees) -> weight = log(company size) or 2 to simplify the calculation
- small (10 - 99 employees) -> weight = log(company size) or 1 to simplify the calculation
- very small (1-9) or private individuals (1 employee or private individual) -> weight = 0.9

It is also important to note that a simple percentage increase will always depend on the size of the community: the more the base grows, the larger the number of new members that one percentage point represents. 20% of 100 members is 20 new members; 20% of 1000 members is 200 new members. Such a snowballing increase does not appear reasonable if one considers that the global (total) security community as a whole is more likely constant. In this case, the closer one gets to the full size of the community, the slower the increase rate calculated as proposed will be, since the number of remaining entities decreases until it reaches zero.

I am proposing a normalization of the base number of existing members (100/nr-of-members), so that we always calculate PKI-1 relative to 100 and aim for a minimum 20% increase relative to the normalized base.

**Synthetic example:**

Nr of oscal-dev members on Dec 31, 2022: 150 members

New Jan 2023 members: 3 private individuals, 2 small company members (company sizes 50 and 90), 1 mega (company size 20,000).

The weighted total number of new members will be:

3 x 0.9 + 1 x log(50) + 1 x log(90) + 1 x log(20000) = 1.5 + 1.7 + 1.95 + 4.3 = 9.45 weighted new members.

Relative to 100 members (with normalization) this weighted increase represents 9.45%, but relative to the raw number of existing members (150), this increase represents only 6.(6)%. As the community grows, without normalization, each quarterly quantification (percentage) will be lower and lower when the concrete number remains constant or even when it increases.

_NOTE: A normalization of the PKI-1 in this case is equivalent to a weighted determination of the new subscribers._

#### D. Traffic in OSCAL Communication Channels

Can the Gitter API be used to develop a bot that will provide the necessary analytics? On Feb 6 Gitter will be migrated to Matrix ([migration details](https://blog.gitter.im/2023/01/16/gitter-is-going-fully-native-matrix-in-feb-2023/)). New Gitter API details: [https://spec.matrix.org/latest/client-server-api/](https://spec.matrix.org/latest/client-server-api/).

# Audience's Diversity (1.b)

**Deadline**: #quarterly
**Responsible Parties**: #Michaela
**Status**: #EPIC
Related: [[1]] [[1-a]] [[PKI]]

_Look at the diversity of audience (FedRAMP vs non-FedRAMP) to achieve 5% each quarter._

This document defines the Participation Key Indicator #PKI-2. A complete list is available in [[PKI]].

The Strategic Plan requests:
- _Diversity of audience increase: 5% /quarter_

NOTE: A 5%/quarter expected PKI-2 is more than the PKI-1 expectation of 20%/year.

### PKI-2 Definition

The Strategic Plan defines #PKI-2 as:

PKI-2 = The increase rate of the audience's diversity (non-FedRAMP vs FedRAMP).

Per the Strategic Plan, #PKI-2 is expected to increase by 5% / quarter (FedRAMP vs non-FedRAMP).

#PKI-2 will look at the #PKI-1 data and aim to determine whether the new community members are doing business with FedRAMP and whether their interest in OSCAL is related to FedRAMP's security automation with OSCAL. The expectation is that the ratio of the members not related to FedRAMP vs the members related to FedRAMP will increase by 5% each quarter.

# References:

https://www.google.com/maps/d/u/1/edit?mid=1utgSBkKlHbxQ9JbOL8Y5RXNytrq8X-4&ll=-2.290194918155379%2C0&z=2