This repository has been archived by the owner on Dec 12, 2023. It is now read-only.

Check Control Implementation Summary #101

Closed
10 of 18 tasks
ohsh6o opened this issue Jun 16, 2021 · 0 comments · Fixed by #138

ohsh6o commented Jun 16, 2021

Extended Description

As a FedRAMP reviewer, to ensure proper completion of necessary supporting artifacts for a complete SSP and overall FedRAMP package, I want validations to check and indicate errors when the Control Implementation Summary (CIS) Workbook is not properly defined.

(Part of #98)

Preconditions

  • None at this time

Acceptance Criteria

  • A clear, explanatory validation message with an associated test indicating the Control Implementation Summary (CIS) Workbook is or is not properly defined in OSCAL.

Story Tasks

  • Tasks...

Definition of Done

  • Acceptance criteria met - Each user story should meet the acceptance criteria in the description
  • Unit test coverage of our code > 90% (from QASP) this may be fuzzy and hard to prove
  • Code quality checks passed - Enable html tidy with XML code standards as part of the build (from QASP)
  • Accessibility: (from QASP) as we create guidance or documentation and reports (semantic tagging including aria tags): demonstrate with 0 errors reported for WCAG 2.1 AA standards using an automated scanner and 0 errors reported in manual testing
  • Code reviewed - Code reviewed by at least one other team member (or developed by a pair)
  • Source code merged - Code that’s demoed must be in source control and merged
  • Code must successfully build and deploy into staging environment (from QASP): this may evolve from xslt sh pipeline into something more
  • Security reviewed and reported - Conduct vulnerability and compliance scanning. threat modeling?
  • Code submitted must be free of medium- and high-level static and dynamic security vulnerabilities (from QASP)
  • Usability tests passed - Each user story should be easy to use by target users (development community? FedRAMP FART team)
  • Usability testing and other user research methods must be conducted at regular intervals throughout the development process (not just at the beginning or end). (from QASP)
  • Code refactored for clarity - Code must be clean, self-documenting
  • No local design debt
  • Load/performance tests passed - test data needed - saxon instrumentation
  • Documentation generated - update readme or contributing markdown as necessary.
  • Architectural Decision Record completed as necessary for significant design choices
@ohsh6o ohsh6o added story task it's a task labels Jun 16, 2021
@GaryGapinski GaryGapinski self-assigned this Jul 1, 2021
@sstatz sstatz added this to the Sprint 5 milestone Jul 1, 2021
@sstatz sstatz modified the milestones: Sprint 5, Sprint 6 Jul 14, 2021
@ohsh6o ohsh6o linked a pull request Jul 14, 2021 that will close this issue
@GaryGapinski GaryGapinski changed the title Check CIS Workbook Check Control Implementation Summary Jul 21, 2021