Open Telos-sa opened 2 weeks ago
In the near term, separation of duties needs to be attached via back-matter. FedRAMP documentation will be updated to clarify this.
Longer term, there is a proposal for modifications to support representing separation of duties in the OSCAL models:
This is a ...
request - need something additional provided
This relates to ...
What is your feedback?
When validating an OSCAL SSP with the enhanced oscal-cli (v2.2.0) and the fedramp-external-constraints.xml, the oscal-cli yields the following validation error: [ERROR] [/system-security-plan/back-matter[1]] A FedRAMP SSP must have a Separation of Duties Matrix attached.
We were under the impression that the separation of duties is defined in system-implementation>users>authorized-privileges>functions-performed like so:
Is there a Separation of Duties document that is supposed to be linked in back-matter? Or how is this supposed to be attached?
Where, exactly?
Other information
No response