Purpose

As scale plays a role in technology and the evidence required to accredit systems - it is increasingly important to enable maintainable workflows for both the initial creation of OSCAL artifacts as well as enabling hybrid workflows where human-authored compliance information can co-exist with automation.

Lula should be able to generate OSCAL artifacts that enable full or templated starting and continual state.

Objective

Imperative and Declarative generation of OSCAL artifact templates. Ability to keep existing data in-place over successive executions.

Thoughts

Given the unmarshalling process for a given OSCAL artifact - if we want to enable human authored content to persistent changes:

• If an OSCAL artifact already exists (either specified or under the default name)
  • Unmarshall the existing document to the applicable model
  • Update any fields that automation establishes ownership
    • Some fields may be expected to be owned by automation - others we can hash for changes?
  • Marshall back to the applicable artifact name/type

In doing this - all manually authored information should persist.