Changes resulting in 2024-01-23 meeting

CycloneDX · Jan 23, 2024 · 9fbb410 · 9fbb410
1 parent 6fafef1
commit 9fbb410
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 34 deletions.
diff --git a/Attestations/en/0x10-Introduction.md b/Attestations/en/0x10-Introduction.md
@@ -31,6 +31,12 @@ We believe:
 * The use of Attestations will enable all forms of assessors, certifiers, and accreditors to more quickly evaluate compliance and provide feedback to producers
 * Attestations will enable faster compliance feedback loops and less surprises and delays
 
+## Intended Use Cases
+// TODO
+// * Supplier to consumer use case where the consumer requires adherence to something (e.g. SSDF)
+// * Internal use case where an internal policy is created from requirements defined in CDXA
+// * Regulatory and industry compliance requirements
+
 ## Tool Support
 
 Over time, we expect better tools for managing all aspects of security attestation to emerge. As a producer, imagine being able to select appropriate standards for a project, eliminate duplication, articulate compliance rationales, automatically generate and include supporting evidence, manage reviews, and digitally sign attestations. From the assessor point of view, imagine being able to quickly evaluate claims and evidence, easily identify changes, point out gaps, and digitally sign approvals.

diff --git a/Attestations/en/0x50-Documenting-Non-Conformance.md b/Attestations/en/0x50-Documenting-Non-Conformance.md
@@ -1,10 +1,10 @@
 # Documenting Non-Conformance
 TODO
 
-## Plan of Action and Milestones (POAM)
+## Mitigation Strategies
 TODO
 
-## Mitigation Strategies
+### Plan of Action and Milestones (POAM)
 TODO
 
 ## Counter Evidence

diff --git a/Attestations/en/0x70-Implementing.md b/Attestations/en/0x70-Implementing.md