fedramp-automation icon indicating copy to clipboard operation
fedramp-automation copied to clipboard
verified publisher icon GSA

Expanding Applicable Acronyms (source: 18F/fedramp-automation: 293)

Open danielnaab opened this issue 3 years ago • 0 comments

Original issue: https://github.com/18F/fedramp-automation/issues/293

Extended Description As a FedRAMP reviewer, in order to understand acronyms used in glossary items when used in FedRAMP package content as contextually relevant, I want the acronyms to be expandable/expanded on first use.

Preconditions

  • [ ] Design and implementation of underlying arch for glossary terms in 18F#285.

Acceptance Criteria

  • acronyms & initialisms are spelled out somewhere and can be expanded

Story Tasks

  • [ ] An ADR about how to encode acronyms in the OSCAL data and FedRAMP validation rules: if different from 18F#285 a separate ADR, if the same amend the ADR to describe use of it for acronyms
  • [ ] A method for declaring glossary-terms in a structured way in the OSCAL and/or rules Schematron validations to highlight the presence of terminology
  • [ ] UI interface components that visualize identify acronyms and make them expandable

Definition of Done

  • [ ] Acceptance criteria met - Each user story should meet the acceptance criteria in the description
  • [ ] Unit test coverage of our code > 90% (from QASP) this may be fuzzy and hard to prove
  • [ ] Code quality checks passed (from QASP)
  • [ ] Accessibility: (from QASP) as we create guidance or documentation and reports (semantic tagging including aria tags): demonstrate with 0 errors reported for WCAG 2.1 AA standards using an automated scanner and 0 errors reported in manual testing
  • [ ] Code reviewed - Code reviewed by at least one other team members (or developed by a pair)
  • [ ] Source code merged - Code that’s demoed must be in source control and merged
  • [ ] Code must successfully build and deploy into staging environment (from QASP): this may evolve from xslt sh pipline into something more
  • [ ] Security reviewed and reported - Conduct vulnerability and compliance scanning. threat modeling?
  • [ ] Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities (from QASP)
  • [ ] Usability tests passed - Each user story should be easy to use by target users (development community? FedRAMP FART team)
  • [ ] Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). (from QASP)
  • [ ] Code refactored for clarity - Code must be clean, self-documenting
  • [ ] No local design debt
  • [ ] Load/performance tests passed - test data needed - saxon instrumentation
  • [ ] Documentation generated - update readme or contributing markdown as necessary.
  • [ ] Architectural Decision Record completed as necessary for significant design choices

danielnaab avatar Oct 25 '22 21:10 danielnaab