GSA / fedramp-automation

FedRAMP Automation
https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/
Other
290 stars 88 forks source link

[Feedback]: Guidance example for Leveraged FedRAMP Authorized services needs to be updated #749

Open vmangat opened 1 month ago

vmangat commented 1 month ago

This is a ...

request - need something additional provided

This relates to ...

What is your feedback?

The XPath Queries have been updated per the Rev5 table. The example and guidance for the new props are missing.

Implementation of the CRM in a leveraged system SSP and the accessing it in the leveraging system SSP needs a comprehensive analysis and POC before this guidance can be included.

There is a reference to an 18F data artifact that needs to be explained further as to where and how do we get access to these artifacts to ensure we can meet the guidance.

Where, exactly?

https://automate.fedramp.gov/documentation/ssp/4-ssp-template-to-oscal-mapping/#leveraged-fedramp-authorized-services image

image

image

Other information

No response

aj-stein-gsa commented 1 month ago

Thank you, these are good points. For future reference to the automation team: we should keep or adjust this issue here to discuss, plan, work, and track the modeling work alluded to (after we have some internal discussion about this). Additionally, we should make a separate issue to make necessary addtions, changes, and deletions in a separate issue on GSA/automate.fedramp.gov.

More to follow, @vmangat, thanks for reporting this issue and the others.