Analyze New Default Control Origination Values in Core OSCAL #1502
Labels
Aged
A label for issues older than 2023-01-01
enhancement
Scope: Modeling
Issues targeted at development of OSCAL formats
User Story
User Story
As a security practitioner, in order to be able to more precisely define the origin of control requirements and who is responsible for their implementation, I would like to review and consider possible additional of default values for control origination for implemented requirements of a control in a control implementation of a SSP to support the notion of shared origin or that of a third-party/outsourced entity that is part of the service offered by a CSP and used in a customer's environment as part of that service.
This a continuation of discussion during review of https://github.com/usnistgov/OSCAL/pull/1460/files#r988165640 to make this a dedicated work item in this issue and determine it outside the context of #784.
Goals
Dependencies
No response
Acceptance Criteria
The text was updated successfully, but these errors were encountered: