Risks/Mitigations/Impacts in Table 7.1 External Systems/Services, interconnections, APIs, and CLIs without FedRAMP Auth [RESEARCH] #935

Open
brian-ruf opened this issue Nov 25, 2024 · 2 comments
Labels
enhancement New feature or request type: spike

Comments

@brian-ruf
Collaborator

brian-ruf commented Nov 25, 2024

This is a ...

research - something needs to be investigated

This relates to OSCAL-based FedRAMP SSPs representing Table 7.1

User Story

As a creator of FedRAMP-compliant OSCAL SSP content, I need to better understand the Risks/Impact/Mitigation column in the Word SSP Template, Table 7.1 External Systems/Services, Interconnections, APIs, and CLIs Without FedRAMP Authorizations.

Screenshot 2024-11-25 105954 - SSP 7 1-Risks

In particular, I need to understand:

  • Are risks identified related to this table expected to be in the POA&M?
  • Does this column exist as an intended summary of the POA&M entry?

Goals

  • Simplify the OSCAL representation of this column as much as possible.

Ideally, any associated risks in table 7.1 require a POA&M entry. OSCAL content can be linked to the entry, and tools can display the associated POA&M item(s) when FedRAMP reviews this table.

This enables a reviewer to see the complete and up-to-date risk picture for the associated risk, while simultaneously reducing data redundancy and eliminating the need to maintain the information in both places.

Dependencies

No response

Acceptance Criteria

  • All FedRAMP Documents Related to OSCAL Adoption (https://github.com/GSA/fedramp-automation) affected by the changes in this issue have been updated.
  • A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.

Other information

No response

@brian-ruf
Collaborator Author

@brian-ruf posted the following in the FedRAMP Team channel on Google Chat prior to creating this issue. The above screenshot of Table 7.1 was included:
image

The following initial response was received.
image

Trying to move the conversation to this issue.

@brian-ruf
Collaborator Author

Additional chat response:
image

Projects
Status: 🆕 New
Development

No branches or pull requests

1 participant