[Feedback]: components[@type=validation]props[prop@name=cryptographic-module-usage]

[Telos-sa]

This is a ...

question - need to understand something

This relates to ...

• [ ] the FedRAMP OSCAL Registry
• [ ] the FedRAMP OSCAL baselines
• [ ] the Guide to OSCAL-based FedRAMP Content
• [X] the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
• [ ] the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)
• [ ] the Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)
• [ ] the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)
• [ ] the FedRAMP SSP OSCAL Template (JSON or XML Format)
• [ ] the FedRAMP SAP OSCAL Template (JSON or XML Format)
• [ ] the FedRAMP SAR OSCAL Template (JSON or XML Format)
• [ ] the FedRAMP POA&M OSCAL Template (JSON or XML Format)
• [ ] the FedRAMP OSCAL Validations

What is your feedback?

There are three tables in the SSP Appendix Q template for cryptographic modules (https://www.fedramp.gov/assets/resources/templates/SSP-Appendix-Q-Cryptographic-Modules-Table.docx). Data at Rest, Data in Transit, and Other.
FedRAMP has provided guidance with props for data-at-rest and data-in-transit. There is no instruction for how to handle the other cryptographic components.

Should the prop[@name= cryptographic-module-usage] be excluded when the module has not been identified as in transit, or at rest. Or should we leverage "other" to denote the other elements.

Where, exactly?

components[@type=validation]props[prop@name=cryptographic-module-usage]

Other information

No response