Roadmap

2024 Annual

Q1 - Foundations & Discovery:

  • Release: an initial version of Lula released to enable teams to begin development of validations. Establish process for future releases.
  • CI/CD: Establish supported workflows for CI/CD. Structure (Lint) → Assess (validate) → Compare (evaluate)
  • Validation Discovery: Create component definition artifacts for use on a variety of apps

Q2 Artifacts & Provenance:

  • Artifact Generation: Enable shifting context between OSCAL model artifacts where available to accelerate production of authorization artifacts. Provide reproducible process for component-definition and assessment-results.
  • Provenance: Continue to iterate on improving the provenance of artifacts that Lula can process/produce.
  • Document: Build and improve documentation to support tool-use with other conceptual patterns required for secure systems.

Q3 Configuration & Coverage:

  • Configuration & Templating: Enhance artifacts with optionality to template variables into OSCAL & Validations dynamically. Allowing the use of build-time and run-time templating.
  • OSCAL Model Coverage: Increase support of processable OSCAL models to include profile and system-security-plan
  • Quality of Life: User Experience improvements to operating with OSCAL and Lula validations

Q4 Data Collection:

  • OSCAL Model Coverage: Increase support of processable OSCAL models to include assessment-plan and plan-of-actions-and-milestones (POAM).
  • API Domain: Mature the API Domain into a more extensible option for validations.
  • Data Collection: Increase domain data collection methods by 1 to enable greater compliance mapping capabilities

2025 Annual (WIP)

Q1 - Benchmarks

  • Benchmark: Provide component definition artifacts for various benchmarks/best-practices (CIS etc)