Analysis of Feedback and Refinement of OSCAL SSP Specification #257
Labels:
Epic (a collection of issues to be worked on over a series of sprints)
Scope: Content (development of OSCAL content and examples)
Scope: Modeling (issues targeted at development of OSCAL formats)
User Story
User Story:
As a FedRAMP Cloud Service Provider, I need to submit my FedRAMP-compliant System Security Plan in a machine-readable format that is OSCAL compliant/aligned, as defined by the FedRAMP PMO in cooperation with the NIST OSCAL effort. As the FedRAMP PMO, we need to share SSP content with leveraging agencies in a machine-readable format that is OSCAL compliant/aligned.
Goals:
This represents a long-term issue to track progress against supporting FedRAMP SSPs.
The ultimate goal is to enable third-party tool development that CSPs can use to develop FedRAMP-compliant SSPs with the guidance of an "expert system". CSPs can then submit SSP content to the FedRAMP PMO in a standardized machine-readable format that enables the PMO to perform automated compliance analysis.
The goal of this issue is to receive feedback on Issue #246, assess and validate that feedback, and refine the OSCAL SSP specification.
Dependencies:
This issue builds on prior work from #246 and the OSCAL implementation layer concepts defined in issues #213, #214, #215, #216, and #217.
SSP samples will be generated in issue #364. Concepts will be documented on the website in issue #363.
Acceptance Criteria
NOTE: A compliant FedRAMP SSP includes several attachments. Some of these documents contain very straightforward structured data (such as system inventory), and some are strictly unstructured information (such as user guides). This effort will eventually include those highly structured attachments.