Leveraged Authorizations, External Systems, Interconnections, and Unauthorized Systems

[brian-ruf]

As an implementer of tools to create FedRAMP-compliant OSCAL-based SSP content, I need the documentation for leveraged authorizations, interconnections, and Unauthorized Systems to be accurate and up-to-date.

GSA/fedramp-automation#807 and GSA/fedramp-automation#808 provide revised FedRAMP OSCAL content modeling for:

• Leveraged Authorizations (FedRAMP Rev 5 Word Template table 6.1)
• External Systems and Services not having a FedRAMP Authorization(FedRAMP Rev 5 Word Template table 7.1)

These issues lay out the following scenarios:

• Leveraged Authorization
• Authorized Service of a Leveraged Authorization
• Non-Authorized Service of a Leveraged Authorization
• An interconnection between this system and an external system
• A service from an external system other than the leveraged system
• A service from this system offered to external systems
• A CLI that connects to leveraged or external systems

There are many similarities and a few subtle, yet important differences between these scenarios. Each must be represented in the documentation and explained. They are best created/revised collectively.