fedramp-automation

Inconsistent naming convention between NIST OSCAL Requirements and FedRAMP Requirements

Open Telos-sa opened this issue 1 year ago • 1 comments

Describe the bug

FedRAMP naming convention of parts within terms-and-conditions deviates from the requirement found in NIST.

Who is the bug affecting?

Anyone following NIST guidelines for 1.0.4 trying to validate in the FedRAMP validation tool for AP.

What version of OSCAL are you using?

1.0.4

What is affected by this bug?

FedRAMP Validator.

When does this occur?

When validating parts for terms and conditions. The assessment-inclusions from NIST is named included-activities in the FedRAMP validator, the assessment-exclusions is named excluded-activities, and the liability-limitations is not defined by NIST at all.

Expected behavior (i.e. solution)

Naming convention needs to be standardized between the FedRAMP use-case and the NIST required naming convention.

Other Comments

Telos-sa avatar Apr 25 '23 19:04 Telos-sa
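
A check for the naming mismatch described in this issue, as an added example that is not part of the issue or of the FedRAMP validator's code: it reads the part names under terms-and-conditions in an assessment plan and reports which convention each one follows. The name pairs come from the issue text; the sample XML, the function names and the `unlisted` label are assumptions made for the example.

```python
import xml.etree.ElementTree as ET  # for untrusted files, a hardened parser such as defusedxml is safer

OSCAL_NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}

# Name pairs taken from the issue text: NIST name -> FedRAMP validator name.
NIST_TO_FEDRAMP = {
    "assessment-inclusions": "included-activities",
    "assessment-exclusions": "excluded-activities",
}
FEDRAMP_TO_NIST = {v: k for k, v in NIST_TO_FEDRAMP.items()}
# Named by the FedRAMP validator; per the issue, not defined by NIST.
FEDRAMP_ONLY = {"liability-limitations"}

# Constructed sample assessment plan fragment (not taken from the issue).
SAMPLE_AP = """<assessment-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <terms-and-conditions>
    <part name="assessment-inclusions"><p>In-scope activities.</p></part>
    <part name="excluded-activities"><p>Out-of-scope activities.</p></part>
    <part name="liability-limitations"><p>Limits.</p></part>
    <part name="example-other-part"><p>Not named in the issue.</p></part>
  </terms-and-conditions>
</assessment-plan>"""

def classify_parts(ap_xml):
    """Return (name, convention, counterpart) for each part directly under terms-and-conditions."""
    root = ET.fromstring(ap_xml)
    results = []
    for part in root.findall("o:terms-and-conditions/o:part", OSCAL_NS):
        name = part.get("name", "")
        if name in NIST_TO_FEDRAMP:
            results.append((name, "nist", NIST_TO_FEDRAMP[name]))
        elif name in FEDRAMP_TO_NIST:
            results.append((name, "fedramp", FEDRAMP_TO_NIST[name]))
        elif name in FEDRAMP_ONLY:
            results.append((name, "fedramp-only", None))
        else:
            results.append((name, "unlisted", None))  # name not mentioned in the issue
    return results

def mixes_conventions(results):
    """True when one document uses both a NIST name and a FedRAMP validator name."""
    kinds = {kind for _, kind, _ in results}
    return "nist" in kinds and bool(kinds & {"fedramp", "fedramp-only"})

if __name__ == "__main__":
    parts = classify_parts(SAMPLE_AP)
    for name, kind, other in parts:
        print(f"{name:25} {kind:13} counterpart={other}")
    print("mixed conventions:", mixes_conventions(parts))
```
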
