Document: System-Security-Plan generation

[brandtkeller]

Research and documentation for how Lula will generate and operate on a system-security-plan.

Objective

Establish a document for system-security-plan that evolves as research develops around:

• The purpose of a system-security-plan generically
• component-definition mapping to system-security-plan
• How Lula performs this mapping during generation
• Expectations for hybrid (automation/manual) authorship of the artifact

Consider this a research spike that also educates/informs others about opinionation of Lula workflows. Human readable format means a lower barrier to entry for external expertise to evaluate and challenge assumptions.

[CloudBeard]

Moving to backlog. Focus is on EOQ goal and issue is currently outside of scope.