As a FedRAMP PMO manager, in order to accommodate the fifth revision of NIST SP 800-53, I want OSCAL content created analogous to that created for the fourth revision of NIST SP 800-53.
Preconditions
[ ] Determine if FedRAMP has already manufactured OSCAL content for rev5.
[ ] Create one OSCAL XML profile via one or more XSLT transforms for each SP 800-53B Low, Moderate, and High baseline using input from v1.0.0 NIST OSCAL SP 800-53 rev5 content, corresponding FedRAMP OSCAL rev4 profiles, and the rev4 to rev5 ODP mapping. Map FedRAMP rev4 profile customization artifacts to the corresponding rev5 profile customization artifacts. Prepare a composite list of novel (rev5) ODPs for FedRAMP to identify any FedRAMP-desired constraints.
[ ] Create OSCAL XML "resolved profile catalog" catalog documents for each baseline using the OSCAL profile resolution transform(s).
Definition of Done
[ ] Acceptance criteria met
[ ] Unit test coverage of our code > 95%
[ ] Automated code quality checks passed
[ ] Security reviewed and reported
[ ] Reviewed against plain language guidelines
[ ] Code must be self-documenting
[ ] No local tech debt
[ ] Load/performance tests passed – needs to be created/automated
[ ] Documentation updated
[ ] Architectural Decision Record completed as necessary for significant design choices
Extended Description
Preconditions
Acceptance Criteria
Story Tasks
catalog via one or more XSLT transforms using input from NIST OSCAL SP 800-53 rev5 content.
profile via one or more XSLT transforms for each SP 800-53B Low, Moderate, and High baseline using input from v1.0.0 NIST OSCAL SP 800-53 rev5 content, corresponding FedRAMP OSCAL rev4 profiles, and the rev4 to rev5 ODP mapping. Map FedRAMP rev4 profile customization artifacts to the corresponding rev5 profile customization artifacts. Prepare a composite list of novel (rev5) ODPs for FedRAMP to identify any FedRAMP-desired constraints.
catalog documents for each baseline using the OSCAL profile resolution transform(s).