1. You are part of several working groups within the NIST Cloud Computing area - could you tell us a little bit more about the Security and Forensic Sciences groups? For individuals who aren't with NIST but have relevant expertise, is there a way we can contribute to publications?

2. You have recently released the NIST Open Security Controls Assessment Language (OSCAL) document - could you give us some background on how this document came about and how much feedback you received from the OSCAL community? 

3 OSCAL has the promise to make standard security documentation such as SSPs and others machine readable and integrated with tooling for automated assessment, continuous monitoring, and visualization in dashboards. What sort of impact do you see this having on the traditional way of doing Federal cybersecurity? Do you see this as the future of cybersecurity across Government and DoD? 

4  To expand on that topic a little bit, NIST has a great history of working with the public, community groups, and other agencies to work on the best documentation, controls, and guidance for both the private and public sector. Can you speak about the importance of collaboration between the private and public sectors?

5  NIST has had some great webinars and virtual events lately. As the impacts of COVID dissipate, does NIST Plan to keep these sorts of events up to help spread their reach and impact across the IT/cyber community?

6  Have you had any involvement with NIST DevSecOps efforts and can you speak about DevSecOps adoption within Government? Any thoughts in particular on its value, the challenges and the major benefits? One area of strong interest lately is the area of On-Going Authorization or Continuous ATO - versus the traditional 3 year ATO cycle. Can you discuss how OSCAL may play a part here?

7 What does Cyber Resilience mean to you?