SSP Completeness Checks [EPIC] #803

Open
14 tasks
brian-ruf opened this issue Oct 23, 2024 · 0 comments
brian-ruf commented Oct 23, 2024

This is a ...

fix - something needs to be different

This relates to ...

  • the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
  • the FedRAMP SSP OSCAL Template (JSON or XML Format)
  • the FedRAMP OSCAL Validations

User Story

This reflects Stage 1A, SSP Completeness portion of the FedRAMP Automation Team's Constraint Management Strategy [Assess: FedRAMP only] for grouping and prioritizing constraint work.

Using the Legacy Word SSP Template as a reference, the FedRAMP Automation Team will work on SSP-related completeness checks that can be implemented via metaschema constraints in the following sequence and groupings:

The following SSP template topic areas are deferred pending modeling and analysis work:

  • 11 Separation of Duties: Defer this until the Separation of Duties matrix is properly modeled.
  • Appendix Q Cryptographic Modules Table
  • 10 Cryptographic Modules Implemented for Data At Rest (DAR)/Data In Transit (DIT)

The following SSP template topics will be generated, and will not have completeness checks:

  • Appendix J Control Implementation Summary (CIS) and Customer Responsibilities Matrix (CRM) Workbook

OSCAL-based SSPs and POA&Ms are treated as separate artifacts. As such, Appendix O POA&M from the FedRAMP SSP Word template is not within the scope of SSP completeness checks and will instead be treated as a separate workstream under the constraint strategy.

Goals

SSP Completeness checks are defined, tested and documented

Task List

@brian-ruf brian-ruf added the enhancement New feature or request label Oct 23, 2024
@brian-ruf brian-ruf removed the enhancement New feature or request label Oct 24, 2024
@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 🔍 Active Objectives and Issues in FedRAMP Automation Oct 29, 2024
@brian-ruf brian-ruf changed the title Completeness Checks [EPIC] SSP Completeness Checks [EPIC] Nov 11, 2024
@brian-ruf brian-ruf self-assigned this Nov 21, 2024
@brian-ruf brian-ruf moved this from 🏗 In progress to 🔍 Active Objectives and Issues in FedRAMP Automation Dec 2, 2024
Projects
Status: 🔍 Active Objectives and Issues