As an ASAP Developer, in order to provide FedRAMP reviewers confirmation that penetration test findings have the correct references, I want to identify and match findings with observations and risks.
NOTE FOR BLOCKAGE
Read section 4.9 of the SAR guide to confirm that no previous issue has already corrected the items described.
Also confirm that this is not a general requirement for findings rather than just for pen test findings.
Acceptance Criteria
[ ] All Schematron assertion messages are declarative statements which affirm the positive test outcome.
[ ] All Schematron assertion diagnostic messages are declarative statements which explain the negative test outcome.
[ ] The Schematron code has no assertion failures when validated using src/validations/styleguides/sch.sch using the basic phase.
[ ] XSpec unit tests for positive and negative Schematron assertion outcomes accompany all Schematron assertions (where feasible).
Story Tasks
[ ] Tasks…
Definition of Done
[ ] Acceptance criteria met
[ ] Unit test coverage of our code > 95%
[ ] Automated code quality checks passed
[ ] Security reviewed and reported
[ ] Reviewed against plain language guidelines
[ ] Code must be self-documenting
[ ] No local tech debt
[ ] Load/performance tests passed – needs to be created/automated
[ ] Documentation updated
[ ] Architectural Decision Record completed as necessary for significant design choices