Telos has begun working on the SAP and SAR models. During our investigation we have identified 52 Response points for Objectives in the OSCAL High Baseline Catalog profile that deviate from the list level / naming convention in the SAP-AA FedRAMP High Security Test Case Procedures.
This is a ...
[ X ] fix - Something needs to be different.
[ X ] enhancement - Something could be better.
[ X ] investigation - Something needs to be investigated further.
This relates to ...
[ X ] the FedRAMP SAP OSCAL Template (JSON or XML Format)
[ X ] the FedRAMP SAR OSCAL Template (JSON or XML Format)
[ X ] the FedRAMP POA&M OSCAL Template (JSON or XML Format)
[ X ] General/Overall
[ X ] Other
NOTE: For issues related to the OSCAL syntax itself, please create or add to an issue in the NIST OSCAL Repository.
Describe the problem or enhancement
Requesting review of the following Objectives and either additional test procedures included in the next FedRAMP Security test Case Procedures release, or guidance/details to confirm that these 3 response points are new/ additional tests.
Telos has begun working on the SAP and SAR models. During our investigation we have identified 52 Response points for Objectives in the OSCAL High Baseline Catalog profile that deviate from the list level / naming convention in the SAP-AA FedRAMP High Security Test Case Procedures.
This is a ...
[ X ] fix - Something needs to be different. [ X ] enhancement - Something could be better. [ X ] investigation - Something needs to be investigated further. This relates to ...
[ X ] the FedRAMP SAP OSCAL Template (JSON or XML Format) [ X ] the FedRAMP SAR OSCAL Template (JSON or XML Format) [ X ] the FedRAMP POA&M OSCAL Template (JSON or XML Format) [ X ] General/Overall [ X ] Other NOTE: For issues related to the OSCAL syntax itself, please create or add to an issue in the NIST OSCAL Repository.
Describe the problem or enhancement Requesting review of the following Objectives and either additional test procedures included in the next FedRAMP Security test Case Procedures release, or guidance/details to confirm that these 3 response points are new/ additional tests.
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
FedRAMP OSCAL | Assessment Procedure -- | -- CM-2[1] | | CM-2.a.1 CM-2[2] | | CM-2.a.2 CM-2(1)(c) | | CM-2(1).c.1 CM-6(b) | | CM-6.b.1 CM-7(5)(b) | | CM-7.5.b.1 CM-8(5) | | CM-8(5).1 CM-10(a) | | CM-10.a.1 CM-10(b) | | CM-10.b.1 CM-10(c) | | CM-10.c.1 CP-2(8) | | CP-2(8).1 CP-3(1) | | CP-3(1).1 CP-4(1) | | CP-4(1).1 CP-6(1) | | CP-6(1).1 CP-6(2) | | CP-6(2).1 CP-7(1) | | CP-7(1).1 CP-7(3) | | CP-7(3).1 CP-7(4) | | CP-7(4).1 CP-8(2) | | CP-8(2).1 CP-8(3) | | CP-8(3).1 CP-9(2) | | CP-9(2).1 CP-10(2) | | CP-10(2).1 IA-2(1) | | IA-2(1).1 IA-2(2) | | IA-2(2).1 IA-2(3) | | IA-2(3).1 IA-2(4) | | IA-2(4).1 IA-2(5) | | IA-2(5).1 IA-2(8) | | IA-2(8).1 IA-2(9) | | IA-2(9).1 IA-5(6) | | IA-5(6).1 IA-6 | | IA-6.1 IA-7 | | IA-7.1 IA-8(2) | | IA-8(2).1 IA-8(4) | | IA-8(4).1 IR-2(1) | | IR-2(1).1 IR-2(2) | | IR-2(2).1 IR-4(1) | | IR-4(1).1 IR-4(4) | | IR-4(4).1 IR-4(6) | | IR-4(6).1 IR-7(1) | | IR-7(1).1 PE-3(a)[2] | | PE-3.a.2.1 PL-2(c)[2] | | PL-2.c SA-4(1) | | SA-4(1).1 SA-4(10) | | SA-4(10).1 SA-10(1) | | SA-10(1).1 SA-11(1) | | SA-11(1).1 SA-11(8) | | SA-11(8).1 SI-2(1) | | SI-2(1).1 SI-3(1) | | SI-3(1).1 SI-3(2) | | SI-3(2).1 SI-3(7) | | SI-3(7).1 SI-4(2) | | SI-4(2).1 SI-4(16) | | SI-4(16).1 SI-5(1) | | SI-5(1).1