David Waltermire
David Waltermire
During the 8/5 model meeting, there was discussion of back-matter chaining related to resolving resources (potentially across referenced documents). We need an example and clearer specification around how to handle...
Issue #567 was an earlier issues exploring this topic, with some suggestions around a way forward.
@iMichaela Not a fan of establishing an "OSCAL content police force" (I say this jokingly), or any similar committee. This doesn't scale well. I believe the best way (and probably...
@hahsanti The group ids are currently optional, but must be unique when provided. One driver to allow groups without ids is to allow the catalog author to decide which groups...
We discussed this on the 6/24 model review and agreed that group identifiers need to remain optional to avoid a backwards compatibility breaking change. This can be revisited in OSCAL...
As @iMichaela indicates, a `component` in a `component-definition` represents something which COULD be implemented within any information system. It isn't actually implemented until it appears in a `system-security-plan`. Both `/system-security-plan/control-implementation/implemented-requirement/statement/by-component/implementation-status`...
@degenaro The NIST team would be glad to work with you on a concrete example of how all of this works to test in your tooling. We are here to...
@galtm I fixed the broken link. This PR should be completely ready for review.
@iMichaela We will need narrative relating to a subset of controls for the upstream cloud system. Can you select a few controls and start drafting the narrative for them? This...
@wendellpiez We should take a stab at writing a better set of specification requirements. Perhaps we could do this and post a proposal in this issue?