It would be nice to not only check NIST/BSI guidelines, but more. Concrete wishes:
I'd suggest starting a format for custom guidelines, moving the existing guidelines to that format, and then adding new guidelines in the custom format.

Already done.
We have to check whether the existing format is sufficient. Our contact proposed other formats, which we might want to look at.
You are right, I suggested OSCAL, but recently we experimented a bit with CycloneDX SBOM object definitions (https://cyclonedx.org/specification/overview/) for the similar purpose of supporting custom standard compliance checks within one of our tools. So far we are quite happy with it, so this is also something I could recommend having a look at.
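To make the "custom guideline format" idea from this thread concrete, here is an added example that is not part of the discussion above and not the project's code, nor the CycloneDX or OSCAL schema: the JSON field names (`standards`, `requirements`, `check`, `field`, `op`, `value`), the two sample guidelines and the sample configuration are all invented for illustration. It shows the minimum a machine-readable guideline needs (an identifier, a human title, and a checkable predicate) and a checker that evaluates a configuration against every guideline in the file, failing closed when a field is missing.

```python
"""Minimal custom-guideline format plus a checker (illustrative only).

Assumptions: the JSON layout below is invented for this example; it is
not the project's format and not the CycloneDX/OSCAL schema.
"""
import json

# Constructed sample guideline file: a NIST-like TLS profile next to an
# internal policy, both expressed in the same invented format.
GUIDELINES_JSON = r'''
{
  "standards": [
    {
      "name": "NIST-like TLS profile",
      "requirements": [
        {"id": "TLS-1", "title": "Minimum protocol version",
         "check": {"field": "min_tls_version", "op": ">=", "value": "1.2"}},
        {"id": "TLS-2", "title": "No RC4 cipher suites",
         "check": {"field": "ciphers", "op": "excludes", "value": "RC4"}}
      ]
    },
    {
      "name": "Custom internal policy",
      "requirements": [
        {"id": "INT-1", "title": "Minimum RSA key size",
         "check": {"field": "rsa_key_bits", "op": ">=", "value": 3072}}
      ]
    }
  ]
}
'''


def _cmp_key(value):
    """Turn a number or a dotted version string ("1.2") into a comparable tuple."""
    if isinstance(value, (int, float)):
        return (value,)
    return tuple(int(part) for part in str(value).split("."))


def evaluate(check, config):
    """Evaluate one requirement predicate against a configuration dict."""
    actual = config.get(check["field"])
    if actual is None:
        # A missing field is treated as non-compliant rather than skipped.
        return False
    op, expected = check["op"], check["value"]
    if op == ">=":
        return _cmp_key(actual) >= _cmp_key(expected)
    if op == "==":
        return actual == expected
    if op == "excludes":
        # True only if no list entry contains the forbidden substring.
        return not any(expected in str(item) for item in actual)
    raise ValueError(f"unknown operator {op!r}")


def run_checks(guidelines_json, config):
    """Return {standard name: {requirement id: passed?}} for every guideline."""
    doc = json.loads(guidelines_json)
    results = {}
    for standard in doc["standards"]:
        results[standard["name"]] = {
            req["id"]: evaluate(req["check"], config)
            for req in standard["requirements"]
        }
    return results


def is_compliant(results, standard_name):
    """A standard is met only if every one of its requirements passed."""
    return all(results[standard_name].values())


# Constructed sample configuration under test (deliberately imperfect).
SAMPLE_CONFIG = {
    "min_tls_version": "1.2",
    "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"],
    "rsa_key_bits": 2048,
}

if __name__ == "__main__":
    results = run_checks(GUIDELINES_JSON, SAMPLE_CONFIG)
    for name, reqs in results.items():
        status = "PASS" if is_compliant(results, name) else "FAIL"
        print(f"{name}: {status}")
        for req_id, ok in reqs.items():
            print(f"  {req_id}: {'ok' if ok else 'violation'}")
```

Because every standard, built-in or custom, is just another entry in the same list, adding a guideline means appending a JSON object rather than touching the checker; the small operator set is the part that would have to grow if a format like CycloneDX's richer requirement model were adopted instead.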