Roadmap
2 minute read
2024 Annual
Q1 - Foundations & Discovery:
- Release: an initial version of Lula released to enable teams to begin development of validations. Establish process for future releases.
- CI/CD: Establish supported workflows for CI/CD. Structure (Lint) → Assess (validate) → Compare (evaluate)
- Validation Discovery: Create component definition artifacts for use on a variety of apps
Q2 Artifacts & Provenance:
- Artifact Generation: Enable shifting context between OSCAL model artifacts where available to accelerate production of authorization artifacts. Provide reproducible process for component-definition and assessment-results.
- Provenance: Continue to iterate on improving the provenance of artifacts that Lula can process/produce.
- Document: Build and improve documentation to support tool-use with other conceptual patterns required for secure systems.
Q3 Configuration & Coverage:
- Configuration & Templating: Enhance artifacts with optionality to template variables into OSCAL & Validations dynamically. Allowing the use of build-time and run-time templating.
- OSCAL Model Coverage: Increase support of processable OSCAL models to include profile and system-security-plan
- Quality of Life: User Experience improvements to operating with OSCAL and Lula validations
Q4 Data Collection:
- OSCAL Model Coverage: Increase support of processable OSCAL models to include assessment-plan and plan-of-actions-and-milestones (POAM).
- API Domain: Mature the API Domain into a more extensible option for validations.
- Data Collection: Increase domain data collection methods by 1 to enable greater compliance mapping capabilities
2025 Annual (WIP)
Q1 - Benchmarks
- Benchmark: Provide component definition artifacts for various benchmarks/best-practices (CIS etc)
Feedback
Was this page helpful?