Brian Ruf
Brian Ruf
Can you clarify which model (catalog, profile, component, or ssp) and field?
This appears to be an issue of having an out-of-date schema file. The issue is that it is expecting a field named "last-modified-date", and instead found a field named "last-modified"...
Case Study: As mentioned in the issue above, the SSP model includes a system inventory. FedRAMP requires a CSP to deliver the entire SSP (including system inventory) to FedRAMP annually....
@bradh I'm open to any solution that allows OSCAL file fragments. This came up verbally a few weeks ago with @david-waltermire-nist and @wendellpiez, but other topics overshadowed our plan to...
@wendellpiez, simply putting system-inventory at the root may be valid syntax, but does not address the requirement. Any inventory fragment must at least include the system name, system owner's organization...
@wendellpiez I don't think it's an alternative model. We want all the syntax to be identical. I like the idea of generating a relaxed schema. Perhaps each model should have...
I have another use case for this topic. FedRAMP maintains a [standard list of citations](https://www.fedramp.gov/assets/resources/templates/SSP-A12-FedRAMP-Laws-and-Regulations-Template.xlsx) in an Excel spreadsheet, which applies to all FedRAMP artifacts. This could be expressed in...
@david-waltermire-nist @wendellpiez I've managed to find a work-around to my primary use case related to this feature. I already need a ```local-definitions``` assembly in the SAP, SAR, and POA&M for...
@sunstonesecure-robert as I understand it FedRAMP will take fully compliant OSCAL with appropriate FedRAMP extensions. We are still ramping up our tool set so we aren't quite pushing for OSCAL...
@david-waltermire / @iMichaela / @wendellpiez there is a lot going on in this thread, and it's difficult to respond to everything. @david-waltermire it's not so much that I don't remember...