Roadmap

2024 Annual

Q1 - Foundations & Discovery:

• Release: an initial version of Lula released to enable teams to begin development of validations. Establish process for future releases.
• CI/CD: Establish supported workflows for CI/CD. Structure (Lint) → Assess (validate) → Compare (evaluate)
• Validation Discovery: Create component definition artifacts for use on a variety of apps

Q2 Artifacts & Provenance:

• Artifact Generation: Enable shifting context between OSCAL model artifacts where available to accelerate production of authorization artifacts. Provide reproducible process for component-definition and assessment-results.
• Provenance: Continue to iterate on improving the provenance of artifacts that Lula can process/produce.
• Document: Build and improve documentation to support tool-use with other conceptual patterns required for secure systems.

Q3 Configuration & Coverage:

• Configuration & Templating: Enhance artifacts with optionality to template variables into OSCAL & Validations dynamically. Allowing the use of build-time and run-time templating.
• OSCAL Model Coverage: Increase support of processable OSCAL models to include profile and system-security-plan
• Quality of Life: User Experience improvements to operating with OSCAL and Lula validations

Q4 Data Collection:

• OSCAL Model Coverage: Increase support of processable OSCAL models to include assessment-plan and plan-of-actions-and-milestones (POAM).
• API Domain: Mature the API Domain into a more extensible option for validations.
• Data Collection: Increase domain data collection methods by 1 to enable greater compliance mapping capabilities

2025 Annual (WIP)

Q1 - Benchmarks

• Benchmark: Provide component definition artifacts for various benchmarks/best-practices (CIS etc)