Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Example SSP Reflecting Latest FedRAMP OSCAL Modeling #925

Open
wants to merge 53 commits into
base: develop
Choose a base branch
from

Conversation

brian-ruf
Copy link
Contributor

Committer Notes

This PR contains an OSCAL SSP Example File that reflects revisions to the way required FedRAMP content is modeled in OSCAL.

All Submissions:

By submitting a pull request, you are agreeing to provide this contribution under the CC0 1.0 Universal public domain dedication.

@brian-ruf brian-ruf changed the base branch from master to develop November 21, 2024 17:20
@wandmagic
Copy link

in fedramp_extensions.feature file line 13
Add your in progress SSP into the test runner so the github actions can capture validity of this SSP
src/content/rev5/examples/ssp/xml/FedRAMP-SSP-Example.OSCAL.xml

@brian-ruf brian-ruf marked this pull request as ready for review December 3, 2024 16:54
@brian-ruf brian-ruf requested a review from a team as a code owner December 3, 2024 16:54
@aj-stein-gsa aj-stein-gsa mentioned this pull request Dec 3, 2024
5 tasks
@@ -0,0 +1,139 @@
# UUIDs for Examples

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this is important for all of our stakeholders to know (aka we are going to reject their package if they don't name their UUIDs correctly), it may be worth making a diagram to add to this file. (It could be worth it anyways just for the sake of clarity and so that different visual learners can understand this because I'm having trouble parsing it out)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kyhu65867 this is only for creating examples with easier-to-read UUIDs. Our stakeholders should not be using this for real packages.

The idea was to have consistency in how these example UUIDs appear from one example to the next. It was in response to feedback we had received about the difficulty of following examples with truly random UUIDs (as is their nature) and balancing that against other feedback that all our examples should be valid. (Thus preventing us from using things like component-uuid="[uuid-of-component]" which is easier to understand, but invalid.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That said, I agree a diagram is helpful and I'll work on something when I'm done the analysis work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants