Closed mogul closed 1 year ago
@albionzeglin-gsa this ticket has the links to google docs of the SSPPs
I have reviewed the front sections of the Data.gov SSPP at https://docs.google.com/document/d/11le1yfXjGlk6pOpXryVH4TSJNsSBgp9X/edit?usp=sharing&ouid=113511966954817069922&rtpof=true&sd=true there are only very minimal changes on this one, so just need someone to look at the few places where I commented to either confirm no changes needed or make the applicable updates re references to Solr. I will take a first pass at the SSB SSPP as well.
Took a pass at SSB SSPP. Changes needed in front section are minimal. https://docs.google.com/document/d/1SzqVjIDowxtfjWljXDUM8xzO8zzoQPq1/edit?usp=sharing&ouid=113511966954817069922&rtpof=true&sd=true
@hkdctol reviewed both docs, and all comments are addressed. Please let me know if you have anything additional.
@albionzeglin-gsa I think what you could do now is given that the problems/remaining issues are described in https://docs.google.com/document/d/1_2GroL3kkzgWePPcNhzRD6SFDc-5Kt0ic8DiZln_TAs/edit?usp=sharing you can start to look at the control sections of SSB SSPP and Data.gov SSPP and start commenting on which sections may need an update once we've finally settled on Solr questions.
@albionzeglin-gsa as you're looking at the control sections, can you confirm that the docs are following the current template and if there are any format/template/numbering changes, go ahead and start making those?
Reviewed again in light of Solr leader-follower, there are 1-2 changes only in the SSB document (front sections not controls)
just making one more change to diagram, before migration
Here's the PR to update the diagram... Once this is approved/merged, I'll copypasta into the Google Doc. https://github.com/GSA/datagov-compliance/pull/32
Since we have handled the front section of the SSPP's, will mark this one as done and create a new ticket for the continuing work on controls.
This was completed
User Story
In order to satisfy assessment and authorization needs, data.gov's GSA ISSM wants the SSB SSP to accurately reflect recent changes to the EKS broker.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
Background
For reference, this is the companion data.gov SSPP
Security Considerations (required)
This documentation update is required by the NIST RMF process. It's done as a separate, individually-tracked effort because we don't yet have a way to do this continuously as part of our technical implementation.
Sketch
New "SSPP" form document
Known-needed topics: