Open JessicaMarine1 opened 1 year ago
@johnbeallgsa We plan to address all the controls that are partially implemented and not implemented via separate user stories for each control in the SSPP.
Tri will receive an email before planning (on the Thursday before) about each user story we plan to groom for the next sprint. He will verify whether or not the stories impact security in any way. Once vetted by Tri, a security label will be added to the story indicating that work on the story may proceed.
Also, a monthly meeting with Tri/Enechi has been set up to review security questions/concerns.
Closing ticket. The above-stated process and other controls are in place to prevent development that would impact system security. Approved by @johnbeallgsa
The purpose of this story is to determine how to track changes to the system's code in order to comply with the ATO.
Talk with the developers about possible approaches to satisfy this requirement.
Talk with Security (Tri & Arpan) about what change control looks like moving forward.
Hold for Code Freeze
Also, this should be tracked on the program and 889 sites, as well.