GSA / fedramp-automation

FedRAMP Automation
https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/

cli validator not checking correct baseline for High projects #417

Open Telos-sa opened 1 year ago

Telos-sa commented 1 year ago

Describe the bug

Ran through a validation of a high system, and it returned with the following error:

Text: A FedRAMP SSP must not include implemented controls beyond what is required for the applied baseline.

Error message: A FedRAMP SSP must implement 96 extraneous controls not needed given the selected profile: ac-2.11 ac-2.13 ac-4.8 ac-6.3 ac-6.7 ac-6.8 ac-7.2 ac-12.1 ac-18.3 ac-18.4 ac-18.5 at-3.3 at-3.4 au-3.2 au-5.1 au-5.2 au-6.4 au-6.5 au-6.6 au-6.7 au-6.10 au-9.3 au-10 au-12.1 au-12.3 ca-7.3 cm-3.1 cm-3.2 cm-3.4 cm-3.6 cm-4.1 cm-5.2 cm-6.2 cm-8.2 cm-8.4 cm-11.1 cp-2.4 cp-2.5 cp-3.1 cp-4.2 cp-6.2 cp-7.4 cp-8.3 cp-8.4 cp-9.2 cp-9.5 cp-10.4 ia-2.4 ia-2.9 ia-5.8 ia-5.13 ir-2.1 ir-2.2 ir-4.2 ir-4.3 ir-4.4 ir-4.6 ir-4.8 ir-5.1 ma-2.2 ma-4.3 ma-4.6 mp-6.1 mp-6.3 pe-3.1 pe-6.4 pe-8.1 pe-11.1 pe-13.1 pe-15.1 pe-18 ps-4.2 ra-5.4 ra-5.10 sa-12 sa-15 sa-16 sa-17 sc-3 sc-7.10 sc-7.20 sc-7.21 sc-12.1 sc-23.1 sc-24 si-2.1 si-4.11 si-4.18 si-4.19 si-4.20 si-4.22 si-4.24 si-5.1 si-7.2 si-7.5 si-7.14.

Checked it against the baseline profile, and the error is incorrect. These controls have a response point from the baseline profile released in March. Please review image.

These controls do have response points within the baseline profile.

Who is the bug affecting?

Anyone using the cli validator.

Is this report specifically related to the Word or Excel files from fedramp.gov?

If so, please do not open an issue here. Follow the guidance in this repository's README and contact info@fedramp.gov.

What version of OSCAL are you using? (Check our info on [supported OSCAL versions](https://github.com/GSA/fedramp-

1.02

What is affected by this bug?

cli validator, leveraging a high baseline. Attached is the SSP validated, as well as the xml and html validation report.
{Describe the impact the bug is having.}

When does this occur?

Any time the validator is run against an SSP. SVRL report is attached. {Describe the conditions under which the bug is occurring.}

How do we replicate the issue?

{What are the steps to reproduce the behavior?}

  1. Do this...
  2. Then this...
  3. See error

{If applicable, add screenshots to help explain your problem.}

Expected behavior (i.e. solution)

Validations.zip

All controls with response points should be identified with the validator and validate.
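
An independent cross-check of the "extraneous controls" finding reported above, as an added example that is not part of the original issue or the project's validator: it compares the control ids a profile selects with the ids an SSP implements, and lists which ids from a validator message are in fact in the profile. The XML samples are constructed (they are not the real High baseline), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # parse only files you trust; ElementTree expands internal entities

NS = {"o": "http://csrc.nist.gov/ns/oscal/1.0"}  # OSCAL 1.0.x XML namespace

# Constructed sample profile selecting three controls (not the real High baseline).
PROFILE_XML = """<profile xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <import href="catalog.xml">
    <include-controls>
      <with-id>ac-2</with-id><with-id>ac-2.11</with-id><with-id>au-10</with-id>
    </include-controls>
  </import>
</profile>"""

# Constructed sample SSP fragment; si-99 is a made-up id outside the profile.
SSP_XML = """<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0">
  <control-implementation>
    <implemented-requirement control-id="ac-2.11"/>
    <implemented-requirement control-id="au-10"/>
    <implemented-requirement control-id="si-99"/>
  </control-implementation>
</system-security-plan>"""

def profile_control_ids(profile_xml):
    """Control ids selected by explicit with-id entries, minus exclusions."""
    selected = set()
    for imp in ET.fromstring(profile_xml).findall("o:import", NS):
        if imp.find("o:include-all", NS) is not None:
            raise ValueError("include-all needs the imported catalog to resolve")
        inc = {(e.text or "").strip() for e in imp.findall("o:include-controls/o:with-id", NS)}
        exc = {(e.text or "").strip() for e in imp.findall("o:exclude-controls/o:with-id", NS)}
        selected |= inc - exc
    return selected

def ssp_control_ids(ssp_xml):
    """Control ids that the SSP declares as implemented requirements."""
    path = "o:control-implementation/o:implemented-requirement"
    return {ir.get("control-id") for ir in ET.fromstring(ssp_xml).findall(path, NS)}

def compare(profile_xml, ssp_xml):
    """Return (extraneous, missing) control ids, each sorted."""
    baseline, implemented = profile_control_ids(profile_xml), ssp_control_ids(ssp_xml)
    return sorted(implemented - baseline), sorted(baseline - implemented)

def disputed(reported_ids, profile_xml):
    """Ids a validator message called extraneous that the profile does select."""
    return sorted(set(reported_ids.split()) & profile_control_ids(profile_xml))

if __name__ == "__main__":
    print(compare(PROFILE_XML, SSP_XML))
    print(disputed("ac-2.11 au-10 si-99", PROFILE_XML))
```

A non-empty result from disputed() on the real profile would mean the validator compared the SSP against a different control set than the profile the SSP imports.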