diff --git a/dist/content/resources/json/FedRAMP_extensions.json b/dist/content/resources/json/FedRAMP_extensions.json index f99f6f53e..c44c74b05 100644 --- a/dist/content/resources/json/FedRAMP_extensions.json +++ b/dist/content/resources/json/FedRAMP_extensions.json @@ -5,9 +5,9 @@ "uuid": "BA710064-79AC-47D5-8F70-6749B359E7E2", "metadata": { "title": "[EXPERIMENTAL] FedRAMP Extensions", - "published": "2021-08-12T12:38:01Z", - "last-modified": "2021-08-12T12:38:01Z", - "version": "fedramp1.1.0-oscal1.0.0", + "published": "2021-10-22T05:55:26Z", + "last-modified": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", "oscal-version": "oscal-1.0.0", "revisions": { "revision": [ @@ -60,6 +60,16 @@ "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" }, "remarks": {"p": "Updated version reviewed for fedramp1.1.0-oscal1.0.0 release."} + }, + { + "published": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", + "prop": { + "name": "party-uuid", + "ns": "https://fedramp.gov/ns/oscal", + "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" + }, + "remarks": {"p": "Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release."} } ] }, @@ -732,46 +742,6 @@ } } }, - { - "id": "port", - "extension-name": "port", - "formal-name": "Interconnection Port", - "description": "A port used by the interconnection for the communication.", - "binding": {"pattern": "/o:system-security-plan/o:system-implementation/o:component[@type='interconnection']/o:prop"}, - "constraint": { - "matches": {"data-type": "string"}, - "has-cardinality": { - "min-occurs": 1, - "max-occurs": "unbounded" - }, - "expect": {"test": ".[@class]"} - } - }, - { - "id": "transport-type", - "extension-name": "transport-type", - "formal-name": "Transport Type", - "description": "The internet protocol transport type.", - "binding": {"pattern": "o:component[@component-type='service']/o:protocol/o:port-range/@transport"}, - "constraint": { - "matches": {"data-type": "token"}, - "allowed-values": { - "allow-other": "no", - "enum": [ - { - "value": "tcp", - "short-label": "TCP", - "#text": "TCP" - }, - { - "value": "udp", - "short-label": "UDP", - "#text": "UDP" - } - ] - } - } - }, { "id": "inventory-item-state", "extension-name": "inventory-item-state", @@ -1111,7 +1081,7 @@ "extension-name": "control-objective-implementation-status", "formal-name": "Objective Implementation Status", "description": "Indicates the implementation status of the control objective.", - "binding": {"pattern": "/o:assessment-results/o:results/o:finding/o:objective-status/o:prop"}, + "binding": {"pattern": "/o:assessment-results/o:results/o:finding/o:target/o:prop"}, "constraint": { "matches": {"data-type": "token"}, "has-cardinality": { @@ -1175,7 +1145,7 @@ "extension-name": "leveraged-authorization-uuid", "formal-name": "Leveraged Authorization", "description": "Indicates a leveraged authorization used for this control.", - "binding": {"pattern": "/o:assessment-results/o:results/o:finding/o:objective-status/o:prop"}, + "binding": {"pattern": "/o:assessment-results/o:results/o:finding/o:target/o:prop"}, "constraint": { "matches": {"data-type": "uuid"}, "has-cardinality": { @@ -2200,6 +2170,11 @@ "short-label": "Agreement", "#text": "Agreement" }, + { + "value": "isa-agreement", + "short-label": "Agreement", + "#text": "Interconnection Security Agreement" + }, { "value": "incident-response-plan", "short-label": "IRP", @@ -2420,10 +2395,10 @@ } }, { - "name": "system-operational-status", + "name": "operational-status", "formal-name": "Operational Status (system)", "description": "The operational status of the system", - "binding": {"pattern": "/o:system-security-plan/o:system-characteristics/o:status/@state"}, + "binding": {"pattern": "o:status/@state"}, "allowed-values": { "allow-other": "no", "enum": [ @@ -2437,6 +2412,11 @@ "short-label": "Development", "#text": "Under Development" }, + { + "value": "under-major-modification", + "short-label": "Major Mod.", + "#text": "Major Modification" + }, { "value": "disposition", "short-label": "Alternative", diff --git a/dist/content/resources/json/fedramp_threats.json b/dist/content/resources/json/fedramp_threats.json index 71d35e4c2..b16195245 100644 --- a/dist/content/resources/json/fedramp_threats.json +++ b/dist/content/resources/json/fedramp_threats.json @@ -4,9 +4,9 @@ "uuid": "7539047F-158B-4AA0-8FC5-F0530F1CC5CF", "metadata": { "title": "FedRAMP Defined Threat Table [Experimental]", - "published": "2021-08-12T12:38:01Z", - "last-modified": "2021-08-12T12:38:01Z", - "version": "fedramp1.1.0-oscal1.0.0", + "published": "2021-10-22T05:55:26Z", + "last-modified": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", "revisions": { "revision": [ { @@ -48,6 +48,16 @@ "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" }, "remarks": {"p": "Updated version reviewed for fedramp1.1.0-oscal1.0.0 releasess."} + }, + { + "published": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", + "prop": { + "name": "party-uuid", + "ns": "https://fedramp.gov/ns/oscal", + "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" + }, + "remarks": {"p": "Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release."} } ] }, diff --git a/dist/content/resources/json/fedramp_values.json b/dist/content/resources/json/fedramp_values.json index 6cdeae2b1..bf6e0de2e 100644 --- a/dist/content/resources/json/fedramp_values.json +++ b/dist/content/resources/json/fedramp_values.json @@ -4,9 +4,9 @@ "metadata": { "title": "[EXPERIMENTAL] FedRAMP Defined Identifiers and Accepted Values", "title-short": "FedRAMP Data Values (Experimental)", - "published": "2021-08-12T12:38:01Z", - "last-modified": "2021-08-12T12:38:01Z", - "version": "fedramp1.1.0-oscal1.0.0", + "published": "2021-10-22T05:55:26Z", + "last-modified": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", "author": "FedRAMP PMO", "description": "This EXPERIMENTAL file provides the FedRAMP defined identifiers and acceptable values in a machine-readable format.", "remarks": "" @@ -463,10 +463,10 @@ "remarks": "FedRAMP only allows information types defined in NIST SP 800-60v2r1." }, { - "name": "system-operational-status", + "name": "operational-status", "formal-name": "Operational Status (system)", "description": "The operational status of the system", - "binding": {"pattern": "system-characteristics/status/@state"}, + "binding": {"pattern": "status/@state"}, "allowed-values": { "allow-other": "no", "enum": [ @@ -498,37 +498,6 @@ ] } }, - { - "name": "component-operational-status", - "formal-name": "Operational Status (component)", - "description": "The operational status of the component", - "binding": {"pattern": "component/status/@state"}, - "allowed-values": { - "allow-other": "no", - "enum": [ - { - "value": "operational", - "short-label": "Operational", - "#text": "Operational" - }, - { - "value": "under-development", - "short-label": "Development", - "#text": "Under Development" - }, - { - "value": "disposition", - "short-label": "Alternative", - "#text": "Alternative Implementation" - }, - { - "value": "other", - "short-label": "Other", - "#text": "Other" - } - ] - } - }, { "name": "user-type", "formal-name": "User Type", @@ -621,7 +590,7 @@ "name": "interconnection-direction", "formal-name": "Interconnection Direction", "description": "Identifies the direction of information flow for the interconnection.", - "binding": {"pattern": "component[@component-type='interconnection']/prop[@name='direction'][@ns='https://fedramp.gov/ns/oscal']"}, + "binding": {"pattern": "component[@component-type='interconnection']/prop[@name='interconnection-direction'][@ns='https://fedramp.gov/ns/oscal']"}, "allowed-values": { "allow-other": "no", "enum": [ @@ -647,7 +616,7 @@ "name": "interconnection-security", "formal-name": "Interconnection Security", "description": "Identifies the type of security applied to the interconnection.", - "binding": {"pattern": "component[@component-type='interconnection']/prop[@name='connection-security'][@ns='https://fedramp.gov/ns/oscal']/@value"}, + "binding": {"pattern": "component[@component-type='interconnection']/prop[@name='interconnection-security'][@ns='https://fedramp.gov/ns/oscal']/@value"}, "allowed-values": { "allow-other": "no", "enum": [ @@ -662,14 +631,19 @@ "#text": "Virtual Private Network" }, { - "value": "ssl", - "short-label": "SSL", - "#text": "Secure Socket Layer" + "value": "tls", + "short-label": "TLS", + "#text": "Transport-Layer Security" + }, + { + "value": "dtls", + "short-label": "TLS", + "#text": "Transport-Layer Security" }, { "value": "certificate", "short-label": "Cert", - "#text": "Certificate" + "#text": "Certificate Authentication Security" }, { "value": "secure-file-transfer", @@ -1187,6 +1161,11 @@ "short-label": "Agreement", "#text": "Agreement" }, + { + "value": "isa-agreement", + "short-label": "Agreement", + "#text": "Interconnection Security Agreement" + }, { "value": "incident-response-plan", "short-label": "IRP", diff --git a/dist/content/resources/json/information-types.json b/dist/content/resources/json/information-types.json index 72e721fd3..d04d386b9 100644 --- a/dist/content/resources/json/information-types.json +++ b/dist/content/resources/json/information-types.json @@ -4,9 +4,9 @@ "uuid": "157BB1F7-8BE7-4642-9D5B-60B5995684F0", "metadata": { "title": "FedRAMP Acceptable Information Types (Experimental)", - "published": "2021-08-12T12:38:01Z", - "last-modified": "2021-08-12T12:38:01Z", - "version": "fedramp1.1.0-oscal1.0.0", + "published": "2021-10-22T05:55:26Z", + "last-modified": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", "revisions": { "revision": [ { @@ -48,6 +48,16 @@ "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" }, "remarks": {"p": "Updated version reviewed for fedramp1.1.0-oscal1.0.0 release."} + }, + { + "published": "2021-10-22T05:55:26Z", + "version": "fedramp1.2.1-oscal1.0.0", + "prop": { + "name": "party-uuid", + "ns": "https://fedramp.gov/ns/oscal", + "#text": "6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" + }, + "remarks": {"p": "Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release."} } ] }, diff --git a/dist/content/resources/xml/FedRAMP_extensions.xml b/dist/content/resources/xml/FedRAMP_extensions.xml index 9286f356a..f5c6fc941 100644 --- a/dist/content/resources/xml/FedRAMP_extensions.xml +++ b/dist/content/resources/xml/FedRAMP_extensions.xml @@ -3,9 +3,9 @@ xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="BA710064-79AC-47D5-8F70-6749B359E7E2" > [EXPERIMENTAL] FedRAMP Extensions - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 oscal-1.0.0 @@ -48,6 +48,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 release.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + @@ -449,32 +457,6 @@ - - port - Interconnection Port - A port used by the interconnection for the communication. - - - - - - - - - - transport-type - Transport Type - The internet protocol transport type. - - - - - TCP - UDP - - - - inventory-item-state Different states of inventory items: public, private, et cetera. @@ -701,7 +683,7 @@ control-objective-implementation-status Objective Implementation Status Indicates the implementation status of the control objective. - + @@ -732,7 +714,7 @@ leveraged-authorization-uuid Leveraged Authorization Indicates a leveraged authorization used for this control. - + @@ -1251,6 +1233,7 @@ Personal Identifiable Information (PII) Agreement + Interconnection Security Agreement Incident Response Plan Incident Security Policies and Procedures User Guide @@ -1359,13 +1342,14 @@ - + Operational Status (system) The operational status of the system - + Operational Under Development + Major Modification Alternative Implementation Other diff --git a/dist/content/resources/xml/fedramp_threats.xml b/dist/content/resources/xml/fedramp_threats.xml index 7f8cb66e1..016c84c2e 100644 --- a/dist/content/resources/xml/fedramp_threats.xml +++ b/dist/content/resources/xml/fedramp_threats.xml @@ -3,9 +3,9 @@ FedRAMP Defined Threat Table [Experimental] - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 2019-06-01T00:00:00.00-04:00 @@ -39,6 +39,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 releasess.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + diff --git a/dist/content/resources/xml/fedramp_values.xml b/dist/content/resources/xml/fedramp_values.xml index 54417a2bc..49de533ae 100644 --- a/dist/content/resources/xml/fedramp_values.xml +++ b/dist/content/resources/xml/fedramp_values.xml @@ -3,9 +3,9 @@ [EXPERIMENTAL] FedRAMP Defined Identifiers and Accepted Values FedRAMP Data Values (Experimental) - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 FedRAMP PMO This EXPERIMENTAL file provides the FedRAMP defined identifiers and acceptable values in a machine-readable format. @@ -214,10 +214,10 @@ FedRAMP only allows information types defined in NIST SP 800-60v2r1. - + Operational Status (system) The operational status of the system - + Operational Under Development @@ -227,18 +227,6 @@ - - Operational Status (component) - The operational status of the component - - - Operational - Under Development - Alternative Implementation - Other - - - User Type Identifies the user type. @@ -277,7 +265,7 @@ Interconnection Direction Identifies the direction of information flow for the interconnection. - + Incoming Outgoing @@ -288,12 +276,13 @@ Interconnection Security Identifies the type of security applied to the interconnection. - + IPsec Virtual Private Network - Secure Socket Layer - Certificate + Transport-Layer Security + Transport-Layer Security + Certificate Authentication Security Secure File Transfer Other @@ -467,6 +456,7 @@ Personal Identifiable Information (PII) Agreement + Interconnection Security Agreement Incident Response Plan Incident Security Policies and Procedures User Guide diff --git a/dist/content/resources/xml/information-types.xml b/dist/content/resources/xml/information-types.xml index fc0963ed0..426f70709 100644 --- a/dist/content/resources/xml/information-types.xml +++ b/dist/content/resources/xml/information-types.xml @@ -2,9 +2,9 @@ FedRAMP Acceptable Information Types (Experimental) - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 2019-06-01T00:00:00.00-04:00 @@ -38,6 +38,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 release.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + Transmitted Information   - - n/a - 1 to ∞ - n/a - n/a - n/a - -

Interconnection Port

-

A port used by the interconnection for the communication.

- - -

prop

- - -

port

- - -

/o:system-security-plan/o:system-implementation/o:component[@type='interconnection']/o:prop

- - string -   -   - - n/a 1 to ∞ @@ -894,7 +870,7 @@

Objective Implementation Status

control-objective-implementation-status

-

/o:assessment-results/o:results/o:finding/o:objective-status/o:prop

+

/o:assessment-results/o:results/o:finding/o:target/o:prop

token   @@ -918,7 +894,7 @@

Leveraged Authorization

leveraged-authorization-uuid

-

/o:assessment-results/o:results/o:finding/o:objective-status/o:prop

+

/o:assessment-results/o:results/o:finding/o:target/o:prop

uuid   diff --git a/documents/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM).pdf b/documents/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM).pdf index ef36ef75b..c87dcca5b 100644 Binary files a/documents/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM).pdf and b/documents/Guide_to_OSCAL-based_FedRAMP_Plan_of_Action_and_Milestones_(POAM).pdf differ diff --git a/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP).pdf b/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP).pdf index 703048ea9..3a1bcc068 100644 Binary files a/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP).pdf and b/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Plans_(SAP).pdf differ diff --git a/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Reports_(SAR).pdf b/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Reports_(SAR).pdf index 1e63b6404..40b9bd112 100644 Binary files a/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Reports_(SAR).pdf and b/documents/Guide_to_OSCAL-based_FedRAMP_Security_Assessment_Reports_(SAR).pdf differ diff --git a/src/content/resources/xml/FedRAMP_extensions.xml b/src/content/resources/xml/FedRAMP_extensions.xml index 61f48cf62..f5c6fc941 100644 --- a/src/content/resources/xml/FedRAMP_extensions.xml +++ b/src/content/resources/xml/FedRAMP_extensions.xml @@ -3,9 +3,9 @@ xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="BA710064-79AC-47D5-8F70-6749B359E7E2" > [EXPERIMENTAL] FedRAMP Extensions - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 oscal-1.0.0 @@ -48,6 +48,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 release.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + @@ -675,7 +683,7 @@ control-objective-implementation-status Objective Implementation Status Indicates the implementation status of the control objective. - + @@ -706,7 +714,7 @@ leveraged-authorization-uuid Leveraged Authorization Indicates a leveraged authorization used for this control. - + diff --git a/src/content/resources/xml/fedramp_threats.xml b/src/content/resources/xml/fedramp_threats.xml index 7f8cb66e1..016c84c2e 100644 --- a/src/content/resources/xml/fedramp_threats.xml +++ b/src/content/resources/xml/fedramp_threats.xml @@ -3,9 +3,9 @@ FedRAMP Defined Threat Table [Experimental] - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 2019-06-01T00:00:00.00-04:00 @@ -39,6 +39,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 releasess.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + diff --git a/src/content/resources/xml/fedramp_values.xml b/src/content/resources/xml/fedramp_values.xml index 6adac6545..49de533ae 100644 --- a/src/content/resources/xml/fedramp_values.xml +++ b/src/content/resources/xml/fedramp_values.xml @@ -3,9 +3,9 @@ [EXPERIMENTAL] FedRAMP Defined Identifiers and Accepted Values FedRAMP Data Values (Experimental) - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 FedRAMP PMO This EXPERIMENTAL file provides the FedRAMP defined identifiers and acceptable values in a machine-readable format. diff --git a/src/content/resources/xml/information-types.xml b/src/content/resources/xml/information-types.xml index fc0963ed0..426f70709 100644 --- a/src/content/resources/xml/information-types.xml +++ b/src/content/resources/xml/information-types.xml @@ -2,9 +2,9 @@ FedRAMP Acceptable Information Types (Experimental) - 2021-08-12T12:38:01Z - 2021-08-12T12:38:01Z - fedramp1.1.0-oscal1.0.0 + 2021-10-22T05:55:26Z + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 2019-06-01T00:00:00.00-04:00 @@ -38,6 +38,14 @@

Updated version reviewed for fedramp1.1.0-oscal1.0.0 release.

 + + 2021-10-22T05:55:26Z + fedramp1.2.1-oscal1.0.0 + 6b286b5d-8f07-4fa7-8847-1dd0d88f73fb + +

Fix missed updates for target and touch-ups from review for fedramp1.2.1-oscal1.0.0 release.

+ + [System Name] FedRAMP Security Assessment Report (SAR) - 2021-02-25T00:00:00.00-04:00 - 2021-06-09T14:27:48.374-04:00 - fedramp1.1.0-oscal1.0.0 + 2021-10-22T02:22:00.000-04:00 + 2021-10-22T02:22:00.000-04:00 + fedramp1.2.1-oscal1.0.0 1.0.0 @@ -831,10 +831,10 @@ Remediation Title

A description of the recommended remediation.

-

TCW: Assessor's recommended remediation (type='recommendation').

-

Scans: Tool's recommended remediation (type='recommendation')

-

Pen Test: Assessor's recommended remediation (type='recommendation')

-

RET: Assessor's recommended remediation (type='recommendation').

+

TCW: Assessor's recommended remediation (lifecycle="recommendation").

+

Scans: Tool's recommended remediation (lifecycle="recommendation")

+

Pen Test: Assessor's recommended remediation (lifecycle="recommendation")

+

RET: Assessor's recommended remediation (lifecycle="recommendation").

POA&M: CSP's intended remediation (no type flag).

 @@ -871,10 +871,10 @@ <description> <p>A description of the recommended remediation.</p> - <p>TCW: Assessor's recommended remediation (type='recommendation').</p> - <p>Scans: Tool's recommended remediation (type='recommendation')</p> - <p>Pen Test: Assessor's recommended remediation (type='recommendation')</p> - <p>RET: Assessor's recommended remediation (type='recommendation').</p> + <p>TCW: Assessor's recommended remediation (lifecycle="recommendation").</p> + <p>Scans: Tool's recommended remediation (lifecycle="recommendation")</p> + <p>Pen Test: Assessor's recommended remediation (lifecycle="recommendation")</p> + <p>RET: Assessor's recommended remediation (lifecycle="recommendation").</p> <p>POA&M: CSP's intended remediation (no type flag).</p> </description> <origin>