Closed Telos-sa closed 8 months ago
Additionally, found that some of the documents that are triggering an errors are not identified as required.
Such as logo, master acronym list, and separation of duties.
Would be really great if this was reviewed for Rev 5, to ensure there are updated templates and clear guidance on what should be attached and defined "type" for documents, so the information is clearly represented.
@Telos-sa send the artifacts of our ZIP to FedRAMP with Dummy data.
As part of the early adopters workgroup, the rules associated with Schematron checks for back matter resources were relazed to warning level messages until the policy regarding rlink access as backmatter resources can be address fully.
This is a ...
This relates to ...
NOTE: For feedback related to the OSCAL syntax itself, please create or add to an issue in the NIST OSCAL Repository.
Where, exactly? CLI validation, the backmatter is a collection of artifacts that may not be referenced elsewhere in the document. This could be a logo, image, historical ssp, etc.... While not a direct reference, could support the information within the SSP or is leveraged for other submissions. Recommend reviewing the requirements for restrictions, since backmatter is not a separate model. IE, attaching an annual SAP as history, results as an error, because it is not associated or leveraged within the SSP, but provides historical context.
Provided the SSP validation and ssp where the errors were generated.
This will be helpful for gui tools that are leveraging the backmatter to collect every artifact associated with the accreditation boundary even under different models, and will support a single model generation where references associate beyond their parent.
Validations.zip
Would recommend having the artifact errors be informational in nature, but reduce the prevalence or structure so there is not as much noise in the production of a validation report.