-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Example SSP Reflecting Latest FedRAMP OSCAL Modeling #925
base: develop
Are you sure you want to change the base?
Conversation
in fedramp_extensions.feature file line 13 |
… into example-ssp
…djusted components to align with Ports, protocols, Services approach
src/content/rev5/examples/ssp/xml/fedramp-ssp-example.oscal.xml
Outdated
Show resolved
Hide resolved
@@ -0,0 +1,139 @@ | |||
# UUIDs for Examples |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is important for all of our stakeholders to know (aka we are going to reject their package if they don't name their UUIDs correctly), it may be worth making a diagram to add to this file. (It could be worth it anyways just for the sake of clarity and so that different visual learners can understand this because I'm having trouble parsing it out)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kyhu65867 this is only for creating examples with easier-to-read UUIDs. Our stakeholders should not be using this for real packages.
The idea was to have consistency in how these example UUIDs appear from one example to the next. It was in response to feedback we had received about the difficulty of following examples with truly random UUIDs (as is their nature) and balancing that against other feedback that all our examples should be valid. (Thus preventing us from using things like component-uuid="[uuid-of-component]"
which is easier to understand, but invalid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That said, I agree a diagram is helpful and I'll work on something when I'm done the analysis work.
Committer Notes
This PR contains an OSCAL SSP Example File that reflects revisions to the way required FedRAMP content is modeled in OSCAL.
All Submissions:
By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.