Open Telos-sa opened 2 months ago
concern - something needs to be different
The props for leveraged-authorizations seems to have the same/similar data elements based on the use of these elements in the overall ssp.
For example. In system-characteristic/prop[@name=authorization-type] FedRAMP has defined the following as allowed values:
However, for the leveraged-authorizations the 'li-saas' option seems to have switched to the prop for impact level.
The allowed values for impact level seem to be a reflection of the sources security-sensitivity-level
But the values defined in leveraged-authorizations do not follow the same format.
system-implementation/leveraged-authorizations/props
Recommendation: system-implementation/leveraged-authorizations/prop[@name=impact-level] allowed values == OSCAL allowed values for system-characteristics/security-sensitivity-level
system-implementation/leveraged-authorizations/prop[@name=authorization-type] allowed values == system-characteristics/prop[@name=authorization-type]
Update the guide to reflect this change, with more detail in leveraged authorizations, Update the SSP template Leveraged Services table to reflect the change in the headers.
This is a ...
concern - something needs to be different
This relates to ...
What is your feedback?
The props for leveraged-authorizations seems to have the same/similar data elements based on the use of these elements in the overall ssp.
For example. In system-characteristic/prop[@name=authorization-type] FedRAMP has defined the following as allowed values:
However, for the leveraged-authorizations the 'li-saas' option seems to have switched to the prop for impact level.
The allowed values for impact level seem to be a reflection of the sources security-sensitivity-level
But the values defined in leveraged-authorizations do not follow the same format.
Where, exactly?
system-implementation/leveraged-authorizations/props
Other information
Recommendation: system-implementation/leveraged-authorizations/prop[@name=impact-level] allowed values == OSCAL allowed values for system-characteristics/security-sensitivity-level
system-implementation/leveraged-authorizations/prop[@name=authorization-type] allowed values == system-characteristics/prop[@name=authorization-type]
Update the guide to reflect this change, with more detail in leveraged authorizations, Update the SSP template Leveraged Services table to reflect the change in the headers.