18F / fedramp-automation

FedRAMP Automation
https://federalist-2372d2fd-fc94-42fe-bcc7-a8af4f664a51.app.cloud.gov/site/18f/fedramp-automation/

Determine FedRAMP PMO Minimally Viable Requirements for an Attachment #74

Closed ohsh6o closed 3 years ago

ohsh6o commented 3 years ago

Per conversation in Slack and #52, separate out this task to discuss with FedRAMP PMO or make a correct determination.

ohsh6o commented 3 years ago

@danielnaab and @GaryGapinski: sorry, this was/is overdue. Per our conversation today, I will be making some clarifying changes and pointing more towards guidance for you with a minimally viable documentation validation approach.

I think this fits well into yet another ADR, and this will kick off an issue guiding further modifications to FedRAMP OSCAL Guide PDF updates upstream. Will begin working on this, well, ASAP. :-)

GaryGapinski commented 3 years ago

I added some Schematron for base64 instances of attachments.

For @media-type validation, we should decide what types are acceptable.

ohsh6o commented 3 years ago

> For @media-type validation, we should decide what types are acceptable.

I was unable to get a clear answer from the FedRAMP PMO about what they accept for now, so we can choose to accept all, or make a tactical decision and add it to the FedRAMP values files. There are no practical limits today, but I know the most popular file types are Microsoft Office, various PDF formats, and perhaps a couple of the most common image formats. Not sure there will be much else in the way of media types, @GaryGapinski.
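
Added example, not part of the thread or of the project's Schematron: one way to check `base64` attachments in an OSCAL back-matter against an allow-list of `@media-type` values and confirm the decoded bytes match the declared type. The allow-list contents, the function name `check_attachments` and the sample document are assumptions made for illustration, not a FedRAMP PMO decision.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}

# Assumed allow-list (not a FedRAMP decision): declared media type mapped to
# the leading bytes expected in the decoded attachment.
ALLOWED = {
    "application/pdf": b"%PDF-",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    # OOXML (.docx) is a ZIP container, so it starts with the ZIP signature
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document": b"PK\x03\x04",
}

def check_attachments(oscal_xml):
    """Return (resource uuid, problem) for every base64 attachment that fails."""
    findings = []
    root = ET.fromstring(oscal_xml)
    for res in root.iterfind(".//o:back-matter/o:resource", NS):
        uuid = res.get("uuid", "?")
        for b64 in res.iterfind("o:base64", NS):
            mtype = b64.get("media-type", "")
            if mtype not in ALLOWED:
                findings.append((uuid, "media-type missing or not allowed: " + mtype))
                continue
            try:  # strip line wrapping, then reject any non-alphabet character
                data = base64.b64decode("".join((b64.text or "").split()), validate=True)
            except binascii.Error:
                findings.append((uuid, "content is not valid base64"))
                continue
            if not data.startswith(ALLOWED[mtype]):
                findings.append((uuid, "content does not match declared " + mtype))
    return findings

# Constructed sample input; uuids are placeholders, payloads are dummy bytes.
PDF = base64.b64encode(b"%PDF-1.7 constructed").decode()
SAMPLE = f"""<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <back-matter>
    <resource uuid="r-ok"><base64 filename="a.pdf" media-type="application/pdf">{PDF}</base64></resource>
    <resource uuid="r-type"><base64 filename="a.html" media-type="text/html">{PDF}</base64></resource>
    <resource uuid="r-mismatch"><base64 filename="b.png" media-type="image/png">{PDF}</base64></resource>
    <resource uuid="r-bad"><base64 filename="c.pdf" media-type="application/pdf">not*base64</base64></resource>
  </back-matter>
</system-security-plan>"""

if __name__ == "__main__":
    for finding in check_attachments(SAMPLE):
        print(finding)
```
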