Fix implemented-component references in the example SSP #1049

Open
1 of 7 tasks
Rene2mt opened this issue Dec 27, 2024 · 0 comments

@Rene2mt
Member

Rene2mt commented Dec 27, 2024

This is a ...

fix - something needs to be different

This relates to ...

  • the FedRAMP OSCAL baselines
  • the FedRAMP SSP OSCAL Example
  • the FedRAMP SAP OSCAL Example
  • the FedRAMP SAR OSCAL Example
  • the FedRAMP POA&M OSCAL Example
  • the FedRAMP OSCAL Validations
  • the Not sure

User Story

As a FedRAMP stakeholder, I need the example SSP to demonstrate how to document a FedRAMP inventory in OSCAL so that the inventories I create and submit to FedRAMP meet their requirements.

Goals

Currently, the <implemented-component> assemblies in the example FedRAMP SSP have invalid component-uuids. The inventory items all reference the following UUIDs, but there are no components in the example SSP that have those UUIDs:

  • 11111111-2222-4000-8000-009000000007
  • 11111111-2222-4000-8000-009000000008
  • 11111111-2222-4000-8000-009000000011
  • 11111111-2222-4000-8000-009000000018

Need to fix all implemented-component/@component-uuid references to point to valid components.

Additionally, we may need to add a constraint in the core OSCAL metaschema to ensure that whenever an inventory-item has an implemented-component/@component-uuid reference, it must reference a valid component UUID. We could add this (temporarily) in the FedRAMP external constraints as a workaround.

Dependencies

No response

Acceptance Criteria

  • All FedRAMP Documents Related to OSCAL Adoption (https://github.com/GSA/fedramp-automation) affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.

Other information

No response

@Rene2mt Rene2mt moved this from 🆕 New to 📋 Backlog in FedRAMP Automation Dec 27, 2024
@Rene2mt Rene2mt moved this from 📋 Backlog to 🔖 Ready in FedRAMP Automation Dec 27, 2024
@Rene2mt Rene2mt self-assigned this Dec 27, 2024
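
The referential-integrity check described in the issue, as an added example that is not part of the original issue or the FedRAMP project's own constraints: a stand-alone Python check that lists every implemented-component/@component-uuid in an OSCAL SSP with no matching component/@uuid. The function name and the sample document (including its `00000000-…` UUIDs) are constructed for illustration; the one dangling UUID is taken from the list in the issue.

```python
import xml.etree.ElementTree as ET

NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}  # OSCAL XML namespace

# Constructed sample, not the real example SSP: one component, two inventory items.
SAMPLE_SSP = """\
<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0"
                      uuid="00000000-0000-4000-8000-000000000001">
  <system-implementation>
    <component uuid="00000000-0000-4000-8000-0000000000c1" type="software">
      <title>Constructed component</title>
      <description><p>Sample.</p></description>
      <status state="operational"/>
    </component>
    <inventory-item uuid="00000000-0000-4000-8000-0000000000a1">
      <description><p>Reference resolves.</p></description>
      <implemented-component component-uuid="00000000-0000-4000-8000-0000000000c1"/>
    </inventory-item>
    <inventory-item uuid="00000000-0000-4000-8000-0000000000a2">
      <description><p>Reference is dangling.</p></description>
      <implemented-component component-uuid="11111111-2222-4000-8000-009000000007"/>
    </inventory-item>
  </system-implementation>
</system-security-plan>
"""

def dangling_component_refs(ssp_xml):
    """Return (inventory-item uuid, component-uuid) pairs with no matching component."""
    root = ET.fromstring(ssp_xml)
    impl = root.find("o:system-implementation", NS)
    if impl is None:
        return []
    # Compare UUIDs case-insensitively and ignore surrounding whitespace.
    known = {c.get("uuid", "").strip().lower() for c in impl.findall("o:component", NS)}
    known.discard("")  # a component without a uuid must not satisfy an empty reference
    dangling = []
    for item in impl.findall("o:inventory-item", NS):
        for ref in item.findall("o:implemented-component", NS):
            target = ref.get("component-uuid", "").strip().lower()
            if target not in known:
                dangling.append((item.get("uuid"), target))
    return dangling

if __name__ == "__main__":
    for item_uuid, target in dangling_component_refs(SAMPLE_SSP):
        print(f"inventory-item {item_uuid}: no component with uuid {target}")
```
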