[X] the Guide to OSCAL-based FedRAMP System Security Plans (SSP)
[X] the Guide to OSCAL-based FedRAMP Security Assessment Plans (SAP)
[X] the Guide to OSCAL-based FedRAMP Security Assessment Results (SAR)
[X] the Guide to OSCAL-based FedRAMP Plan of Action and Milestones (POA&M)
[X] the FedRAMP SSP OSCAL Template (JSON or XML Format)
[X] the FedRAMP SAP OSCAL Template (JSON or XML Format)
[X] the FedRAMP SAR OSCAL Template (JSON or XML Format)
[X] the FedRAMP POA&M OSCAL Template (JSON or XML Format)
[X] the FedRAMP OSCAL Validations
What is your feedback?
When creating backmatter, what is the recommendation for all appendices that are associated with the SSP? Specifically Appendix B, L, E (content that is defined as included in the legacy SSP but NOT included in OSCAL.
For systems with complex appendices (Q, M). What is the guidance for attaching instead of integrating into the SSP?
Where, exactly?
Appendix L -
should a record of each law be a created resource in the back-matter?
If a record of each is included, should this record also include the laws that are pre-defined by FedRAMP, or only additive? Else, if attaching the appendix, which props should it have (policy, laws, standards?) Is there a specific naming convention that will support the OSCAL validation?
Appendix B -
Same as above, should each acronym be included as a resource in the backmatter, or the appendix? If just the appendix, should the prop be acronym?
This is a ...
request - need something additional provided
This relates to ...
What is your feedback?
When creating backmatter, what is the recommendation for all appendices that are associated with the SSP? Specifically Appendix B, L, E (content that is defined as included in the legacy SSP but NOT included in OSCAL.
For systems with complex appendices (Q, M). What is the guidance for attaching instead of integrating into the SSP?
Where, exactly?
Appendix L -
should a record of each law be a created resource in the back-matter? If a record of each is included, should this record also include the laws that are pre-defined by FedRAMP, or only additive? Else, if attaching the appendix, which props should it have (policy, laws, standards?) Is there a specific naming convention that will support the OSCAL validation?
Appendix B - Same as above, should each acronym be included as a resource in the backmatter, or the appendix? If just the appendix, should the prop be acronym?
Other information
No response