volpet2014
commented
1 year ago Automation Team agrees and has relaxed this to a warning in OEAW portal validations. Updates to fedramp-automation GH pending for this relaxation.
Closed Telos-sa closed 1 year ago
volpet2014
commented
1 year ago Automation Team agrees and has relaxed this to a warning in OEAW portal validations. Updates to fedramp-automation GH pending for this relaxation.
Describe the bug
When validating a FedRAMP OSCAL SAP, an error appears for included controls not being in the associated SSP when only the SAP has been uploaded.
What version of OSCAL are you using?
OSCAL version 1.0.0
How do we replicate the issue?
Run the following SAP through the validator: FedRAMP Example Project_OSCAL_SAP.json.zip
The following error appears in 4.1:
Expected behavior (i.e. solution)
Assertions involving the associated SSP should not be marked as errors when only the SAP is uploaded. Passing this test would require a full package with artifacts to be able to perform a cross reference.