Closed Telos-sa closed 1 year ago
When validating a FedRAMP OSCAL SAP, an error appears for included controls not being in the associated SSP when only the SAP has been uploaded.
OSCAL version 1.0.0
Run the following SAP through the validator: FedRAMP Example Project_OSCAL_SAP.json.zip
The following error appears in 4.1:
Assertions involving the associated SSP should not be marked as errors when only the SAP is uploaded. Passing this test would require a full package with artifacts to be able to perform a cross reference.
Automation Team agrees and has relaxed this to a warning in OEAW portal validations. Updates to fedramp-automation GH pending for this relaxation.
Describe the bug
When validating a FedRAMP OSCAL SAP, an error appears for included controls not being in the associated SSP when only the SAP has been uploaded.
What version of OSCAL are you using?
OSCAL version 1.0.0
How do we replicate the issue?
Run the following SAP through the validator: FedRAMP Example Project_OSCAL_SAP.json.zip
The following error appears in 4.1:
Expected behavior (i.e. solution)
Assertions involving the associated SSP should not be marked as errors when only the SAP is uploaded. Passing this test would require a full package with artifacts to be able to perform a cross reference.