Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specialize media-type constraints for each FedRAMP resource type #674

Open
Tracked by #811
aj-stein-gsa opened this issue Sep 10, 2024 · 1 comment
Open
Tracked by #811

Comments

@aj-stein-gsa
Copy link
Contributor

          > Also while working on this last night @david-waltermire, I realized we have a split between NIST and FedRAMP OSCAL values, but the `<base64/>` and `<rlink/>` assemblies do not have a `@ns` to clearly label that split and focus a constraint. It may be necessary to make an upstream issue and possible recommendation here, but I presume we can discuss further as a team at a later date.

I talked to @david-waltermire about this challenge and we are thinking about this constraint the wrong way. We can generally constrain all use of media types different from upstream without @ns, but also wisely limiting to a recommended or allow-list only set of media types only really makes sense specifically for respective attachments (i.e. FedRAMP has a notion of which back/matter-resources or in-line links for policies, user guides, etc., but not which of those have good respective filetypes).

On that note, Dave has asked me to close this PR and not merge, open new issue to track analysis, decision, and a more meaningfully complex set of constraints, not just a general one, for this series of requirements.

Originally posted by @aj-stein-gsa in #644 (comment)

@aj-stein-gsa aj-stein-gsa moved this from 🆕 New to 📋 Backlog in FedRAMP Automation Sep 10, 2024
@aj-stein-gsa aj-stein-gsa moved this from 📋 Backlog to 🔖 Ready in FedRAMP Automation Sep 10, 2024
@aj-stein-gsa
Copy link
Contributor Author

@david-waltermire asked we fast-track this one and move up the backlog to consider.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: 🔖 Ready
Development

No branches or pull requests

1 participant