AT - Githubissues

GovReady / security-stories-nist800-53

A collection of security related user stories compatible with NIST Special Publication 800-53

GNU General Public License v2.0

32 stars 15 forks source link

AT #7

Closed jlyon closed 7 years ago

jlyon commented 7 years ago

[ ] Combined AT-1 AT-2 AT-3 into one story

Question:

Does it make sense to combine these into one story?

gregelin commented 7 years ago

Let's try keeping AT-1 distinct and combining AT-2 and AT-3.

Each control family starts with XX-1 which is "polices and procedures." Symmetry would make sense. Also, the organization should have policies in place for each family already and the evidence for most projects should be pointing the org's existing policy.