Open JJediny opened 3 years ago
Archer team is suggesting setting it up using a push method. We'd have them commit the testing results to a Github repo and our automated job would pick them up and inject them into Archer. This would make things easy for them as they wouldn't need to work with the Archer API themselves, and it would ensure consistency with automated data input etc.
Last I heard (can't find the notes), the plan is to focus on getting inheritance in place for on-prem systems. Inheritance for cloud-based (AWS, cloud.gov) systems will come later.
Let's look to split this issue up into smaller chunks, e.g. SSPs vs. POAMs vs. import/export …
Archer team is currently working on resolving some issues as a result of a failed upgrade. Do not expect to be able to act on this prior till their issue being resolved.
Background information
Long term our team is responsible for TTS System's Security Plans as our Director is the AO for TTS. GSA IT SecOps uses RSA Archer for FISMA reporting, SSP and PO&AM management, etc.
Implementation steps
Acceptance criteria
There is documentation that answers (or at least has placeholders for) the following: