Gary Gapinski
#### Description of Problem: OpenSCAP does not include all XCCDF Rules (specified as selected in a chosen Profile) when producing an XCCDF guide. The Rules do not appear in the...
A close look at `plan-of-action-and-milestones` from a fedramp-automation perspective raises some observations and questions. ```xml POA&M Unit Test 2022-06-02T11:38:29Z latest 1.0.4 test twice finding 2022-06-02T11:38:29Z open nemesis is an old...
This PR was automatically created by Snyk using the credentials of a real user. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of...
# Describe the bug An `implemented-requirement` implementation status can be "not-applicable". Guide to OSCAL-based FedRAMP System Security Plans §5.2 states "Every control must have at least one `responsible-role` defined.". The...
# Describe the bug 1. FedRAMP additional statements (`part` elements) are not identified as "response-points". This appears to be an oversight rather than deliberate (since requirements demand a declared implementation)....
This PR was automatically created by Snyk using the credentials of a real user. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of...
# Describe the bug Unexplained differences between profiles. Contrast [this](https://github.com/GSA/fedramp-automation/blob/090e669e2bf177e03117e50e0389d56c422d0271/dist/content/baselines/rev4/xml/FedRAMP_rev4_MODERATE-baseline_profile.xml#L2063-L2071) with [this](https://github.com/GSA/fedramp-automation/blob/090e669e2bf177e03117e50e0389d56c422d0271/dist/content/baselines/rev4/xml/FedRAMP_rev4_HIGH-baseline_profile.xml#L2684-L2692). The former indicates it is a requirement; the latter just guidance. It seems unlikely that the two would...
* **This is a ...** - [X] **concern** - I think something needs to be different. - [ ] **question** - I didn't understand something. - [ ] **kudos** -...
### Describe the bug See https://pages.nist.gov/OSCAL/concepts/processing/profile-resolution/#d2e1377-head, which states > The output's backmatter MUST be generated by copying in each resource object from the backmatters of the imported catalogs/profiles in top-to-bottom...
# Describe the bug `oscal-cli` throws `Exception in thread "main" java.lang.NullPointerException` when resolving a profile. # Who is the bug affecting? Users of `oscal-cli` who wish to resolve a profile....