search

GSA / fedramp-automation

FedRAMP Automation
https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/
Other
256 stars 74 forks source link

OSCAL SSP Guide and cli-validator do not identify type for PIA #420

Closed Telos-sa closed 9 months ago

Telos-sa commented 1 year ago

Describe the bug

The guide does not identify an expected type for an attached PIA. As such, there is an error for unknown type of attachment.
image image

Who is the bug affecting?

Anyone submitting a PIA with their SSP.

Is this report specifically related to the Word or Excel files from fedramp.gov?

Related to the guide, and cli validation tool.

What version of OSCAL are you using? (Check our info on supported OSCAL versions)

1.0.2

What is affected by this bug?

Attaching PIA, without defining the type.

Expected behavior (i.e. solution)

Invert the requirement type, to look for missing documents, instead of reporting the extra documents that are included but not defined.

This would be simila Validations.zip r to the controls rule. If all of the documents that are expected to see are there, no error, else, generate an error informing them to attach an additional document.

Telos-sa commented 1 year ago

@Telos-sa validate that this is relaxed, and then close with comment