Michaela Iorga
Michaela Iorga
This bug is being fixed upstream (see https://github.com/usnistgov/metaschema-xslt/issues/105 and https://github.com/usnistgov/metaschema-xslt/pull/108 there a WIP PR exists towards supporting choice). Once [metaschema-xslt/#105](https://github.com/usnistgov/metaschema-xslt/issues/105) is fixed and the JSON catalog schema gets updated, the...
Please also note, neither of the JSON or XML templates are valid, and also, that AC-1 has errors in the template. There is no AC-1.b.1 and AC-1.b.2, there is AC-1.b...
@JoseGHdz - my note was more of a reminder. I do not represent FedRAMP team - I represent NIST OSCAL team but we all want to support FedRAMP team that...
@brandtkeller - my earlier suggestion was that the SSP should document the security controls of the testing environment, at minimum under the 'this-system' component. Any deployed component for testing/pre-assessment gets...
The PR is from March when @wandmagic was working on examples for the prototype models. The intention is to allow for development of content (examples) for the prototype models (not...
@wendellpiez , @SParekh and @david-waltermire-nist - I agree we need to take action and address it since it keeps coming back. We could: 1- document the dependency requirement in the...
@aj-stein-nist - privacy baseline is different than the security baseline, because it is listing control enhancements without the parent controls. This is because the privacy baseline assumes they're si already...
@GaryGapinski and @Telos-sa - We apologize not reviewing this reported bug under the latest release. It might have been addressed but I would like to review it more thoroughly and...
### 10/05/2023 analysis ### ` "this-system"` is one of many types of [components](https://pages.nist.gov/OSCAL-Reference/models/v1.1.1/system-security-plan/xml-reference/#/system-security-plan/system-implementation/component) that can be defined in an SSP. OSCAL allows local definitions for the component's type, or can...
Preliminary reviews: oscal_leveraged-example_ssp.xml is missing (see your branch), a component: ``` Application An application within the IaaS, exposed to SaaS customers and their downstream customers. This Leveraged IaaS maintains aspects...