NUWCDIVNPT / stig-manager

An API and client for managing STIG assessments

FEATURE REQUEST: Creation of "A&A Action" Collection #954

Closed mayszs closed 1 year ago

mayszs commented 1 year ago

This is to summarize the conversation from the OSS Office Hours on 3/28/2023 with clearly defined requirements/capabilities. The discussion was to make it possible to create a Collection that would become a "Snapshot" in time to support A&A actions like Annual Security Reviews, Use Case Submissions or Package Accreditations. Requested functionalities:

  1. Create an “A&A Collection” that allows the copying of a collection, subset of devices a/o STIGs
  2. Ability to define the Version and Release Number of STIGs applicable to this collection.
  3. Ability to sync any changes made to STIGs in the “A&A Collection” back to the source collection(s) but no changes made in the source collection(s) will be applied to the “A&A Collection”
  4. Ability to output an inventory of all checklists grouped by STIG assignment within the “A&A Collection” for validation of SAP compliance. The ability to upload the approved SAP and have STIGMan provide a comparison report with deltas would be of significant value.
  5. Provide Metrics of collection focused on assessment status only. Submitted, Accepted or Rejected workflow statuses would not be applicable.
     a. Count of Checks assessed
     b. Count of checks in Not Reviewed Status
     c. Count of Open findings by severity
     d. Count of Open Findings which do not contain input in both the Finding Details and Comments fields.
     e. Count of NF/NA/NR checks which do not contain input in both the Finding Details field.

jeremygifford commented 1 year ago

I wanted to throw my backing in with this one; it's a more well-stated/fleshed-out version of what I asked in "FEATURE REQUEST: Assessment (filter/view/workspace) based on SAP #712".

STIGMan is currently catering towards the system admin side; adding more functionality like this will greatly improve its utility with the IA RMF folks.