
FedRAMP high services in 3PAO/JAB status are added to JSON policy

Open ndvrich opened this issue 2 years ago • 0 comments

I used this tool to generate an SCP for FedRAMP High services restriction, and I noticed a few services that were added into the "NotAction" section in the resulting JSON that show a current status of "3PAO Assessment" or "JAB Review" on the AWS Services in Scope page for FedRAMP compliance. These should not have been added into the JSON, as they are not yet fully approved.

In my case, as of the time of this issue creation, that included the following services:

  • application-autoscaling (JAB Review)
  • wafv2 (3PAO Assessment)

Oddly, the Single Sign-On (sso) service which appears to be in JAB Review status did not get added to the resulting JSON.

Steps to re-create:

pip3 install aws-allowlister
aws-allowlister generate --fedramp-high --quiet > fedramp-high.json

Resulting JSON file zipped and attached.

fedramp-high.json.zip

ndvrich · Nov 01 '22 17:11
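One way to catch the problem described in this issue before an SCP is deployed is to cross-check every service prefix in the policy's NotAction against the FedRAMP status of that service. The following Python is an added example written for this page, not code from aws-allowlister or its author: it assumes the SCP has the Deny-with-NotAction shape the report describes, uses a constructed subset of the services-in-scope table (the statuses "3PAO Assessment" and "JAB Review" come from the issue; the "Authorized" label for a fully approved service is an assumption), and reports both services that should not be in NotAction and approved services that are missing from it.

```python
import json
from typing import Dict, Iterable, List

# Constructed sample of the "AWS Services in Scope" table, keyed by IAM service
# prefix. "3PAO Assessment" and "JAB Review" are the pending statuses named in
# the issue; "Authorized" is an ASSUMED label for a fully approved service.
SERVICES_IN_SCOPE: Dict[str, str] = {
    "ec2": "Authorized",
    "s3": "Authorized",
    "application-autoscaling": "JAB Review",
    "wafv2": "3PAO Assessment",
    "sso": "JAB Review",
}

# Statuses treated as fully approved (assumption, not from the tool).
APPROVED_STATUSES = frozenset({"Authorized"})

# Constructed SCP in the shape the issue describes (a Deny whose NotAction lists
# the allowed services). This is NOT the tool's actual output; it reproduces the
# reported defect by including two services that are still under review.
SAMPLE_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "NotAction": ["ec2:*", "s3:*", "application-autoscaling:*", "wafv2:*"],
            "Resource": "*",
        }
    ],
}


def not_action_services(scp: dict) -> List[str]:
    """Collect the IAM service prefixes named in every NotAction of the SCP,
    in first-seen order. NotAction may be a string or a list."""
    found: List[str] = []
    for stmt in scp.get("Statement", []):
        actions = stmt.get("NotAction", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            prefix = action.split(":", 1)[0]
            if prefix not in found:
                found.append(prefix)
    return found


def unapproved_services(
    scp: dict, in_scope: Dict[str, str], approved: Iterable[str] = APPROVED_STATUSES
) -> Dict[str, str]:
    """Return {service: status} for NotAction services whose status is not
    fully approved. Services absent from the table are reported as 'not listed',
    since an allowlist entry with no authorization record is also a finding."""
    approved = set(approved)
    findings: Dict[str, str] = {}
    for svc in not_action_services(scp):
        status = in_scope.get(svc, "not listed")
        if status not in approved:
            findings[svc] = status
    return findings


def missing_approved_services(
    scp: dict, in_scope: Dict[str, str], approved: Iterable[str] = APPROVED_STATUSES
) -> List[str]:
    """The inverse check: approved services that the SCP would deny because
    they are missing from NotAction (false negatives of the generator)."""
    approved = set(approved)
    present = set(not_action_services(scp))
    return sorted(s for s, st in in_scope.items() if st in approved and s not in present)


def check_scp_file(path: str, in_scope: Dict[str, str] = SERVICES_IN_SCOPE) -> Dict[str, str]:
    """Load a generated SCP (e.g. fedramp-high.json) and return its unapproved services."""
    with open(path, encoding="utf-8") as fh:
        return unapproved_services(json.load(fh), in_scope)


if __name__ == "__main__":
    for svc, status in unapproved_services(SAMPLE_SCP, SERVICES_IN_SCOPE).items():
        print(f"not fully approved but allowlisted: {svc} ({status})")
    for svc in missing_approved_services(SAMPLE_SCP, SERVICES_IN_SCOPE):
        print(f"approved but missing from NotAction: {svc}")
```

Run against a real generated file with `check_scp_file("fedramp-high.json")` after replacing the constructed table with the current services-in-scope list; a non-empty result means the policy allows services that are still in assessment, which is exactly the case the issue reports. Note that the `sso` entry, pending but correctly absent from NotAction, produces no finding from either check.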