-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(docs): adding 2024 roadmap to the project documentation (#320)
* docs: adding 2024 roadmap to the project documentation * chore(docs): updating roadmap to align with current milestones * chore(docs): update Q3 24 objectives
- Loading branch information
1 parent
26898b8
commit 120d15a
Showing
2 changed files
with
35 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # Roadmap | ||
| ## 2024 Annual | ||
|
|
||
| ### Q1 - Foundations & Discovery: | ||
|
|
||
| * Release: an initial version of Lula released to enable teams to begin development of validations. Establish process for future releases. | ||
| * CI/CD: Establish supported workflows for CI/CD. Structure (Lint) → Assess (validate) → Compare (evaluate) | ||
| * Validation Discovery: Create component definition artifacts for use on a variety of apps | ||
|
|
||
| ### Q2 Artifacts & Provenance: | ||
|
|
||
| * Artifact Generation: Enable shifting context between OSCAL model artifacts where available to accelerate production of authorization artifacts. Provide reproducible process for component-definition and assessment-results. | ||
| * Provenance: Continue to iterate on improving the provenance of artifacts that Lula can process/produce. | ||
| * Document: Build and improve documentation to support tool-use with other conceptual patterns required for secure systems. | ||
|
|
||
| ### Q3 Configuration & Coverage: | ||
|
|
||
| * Configuration & Templating: Enhance artifacts with optionality to template variables into OSCAL & Validations dynamically. Allowing the use of build-time and run-time templating. | ||
| * OSCAL Model Coverage: Increase support of processable OSCAL models to include profile and system-security-plan | ||
| * Quality of Life: User Experience improvements to operating with OSCAL and Lula validations | ||
|
|
||
| ### Q4 Data Collection: | ||
|
|
||
| * OSCAL Model Coverage: Increase support of processable OSCAL models to include assessment-plan and plan-of-actions-and-milestones (POAM). | ||
| * API Domain: Mature the API Domain into a more extensible option for validations. | ||
| * Data Collection: Increase domain data collection methods by 1 to enable greater compliance mapping capabilities | ||
|
|
||
| ## 2025 Annual (WIP) | ||
|
|
||
| ### Q1 - Benchmarks | ||
|
|
||
| * Benchmark: Provide component definition artifacts for various benchmarks/best-practices (CIS etc) |