In part 2 of this multi-part blog series on continuous compliance, we described Trestle, our open-source SDK, which provides an implementation of the NIST Open Security Controls Assessment Language (OSCAL) standard framework and the corresponding set of key compliance artifacts expressed as compliance as code. We mentioned that, in addition to direct editing and manipulation of OSCAL documents, Trestle also provides capabilities for agile authoring of compliance artifacts as Markdown content and for converting that content to OSCAL format. Further, in the first blog post in this series, we described various personas and their roles in the compliance processes.
In this blog post, we will focus on how Trestle enables those diverse personas to collaboratively author the compliance artifacts by providing a variety of interfaces and authoring methods suitable to the broad set of skills of those personas, from editing Markdown and spreadsheets, to editing OSCAL JSON. We also describe how Trestle workflow automation supports the actions that various personas need to take in the compliance end-to-end flow.