Summary
This ticket is in support of BOD 22-01 requirement 12.
In response to questions from the Development team supporting the BOD 22-01 effort (https://github.com/cisagov/cool-system-internal/issues/107), the CyHy team requested error notifications but suggested this is a low priority, given that the CyberDirectives team plans to let people know if any schema changes occur.
Implementation Notes
In response to this list of questions from the Dev team:
How should the system handle the JSON file being inaccessible? E.g., network down, expired certs, page moved, permission errors, DNS failures, etc.
Should the system validate the JSON file against the published schema?
Should the schema be loaded on each run, or does the system assume it will not change?
If the schema changes or is inaccessible, how is this handled?
Who is notified of these failure cases? How?
CyHy requested we do validate the schema and send error messages if the system is unable to read the Known Exploited Vulnerabilities list due to either schema changes or the list being unavailable.
They requested the notifications be sent to both vulnerability@cisa.dhs.gov and cyberdirectives@cisa.dhs.gov.
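One way to handle the failure cases the questions above list, as an added example that is not the project's code: it separates "list unavailable" from "schema changed", never hands back a partial list, and builds the alert for the two addresses named in the ticket. The `fetch` callable, the required-key tables (a hand-written stand-in for the published schema) and the subject line are assumptions.

```python
import json
from email.message import EmailMessage
# Recipients named in the ticket.
RECIPIENTS = ["vulnerability@cisa.dhs.gov", "cyberdirectives@cisa.dhs.gov"]
# Assumed stand-in for the published schema: required keys and their types.
TOP_LEVEL = {"catalogVersion": str, "count": int, "vulnerabilities": list}
ENTRY = {"cveID": str, "dateAdded": str, "dueDate": str}

def check(obj, required, where):
    """Return the schema problems found in one JSON object."""
    if not isinstance(obj, dict):
        return [f"{where}: expected object, got {type(obj).__name__}"]
    return [f"{where}: '{k}' missing or not {t.__name__}"
            for k, t in required.items() if not isinstance(obj.get(k), t)]

def load_kev(fetch):
    """Return (entries, failure); failure is None or ('unavailable'|'schema', detail).
    entries is None on failure so the caller keeps its last good list."""
    try:
        raw = fetch()
    except OSError as exc:  # covers URLError/HTTPError, DNS, TLS and timeouts
        return None, ("unavailable", f"{type(exc).__name__}: {exc}")
    try:
        doc = json.loads(raw)
    except ValueError as exc:  # malformed JSON or undecodable bytes
        return None, ("schema", f"not valid JSON: {exc}")
    problems = check(doc, TOP_LEVEL, "catalog")
    if not problems:
        for i, entry in enumerate(doc["vulnerabilities"]):
            problems += check(entry, ENTRY, f"vulnerabilities[{i}]")
    if problems:
        return None, ("schema", "; ".join(problems[:5]))
    return doc["vulnerabilities"], None

def build_alert(failure):
    """Build (not send) the notification for one failure."""
    kind, detail = failure
    msg = EmailMessage()
    msg["To"] = ", ".join(RECIPIENTS)
    msg["Subject"] = f"KEV ingest failed ({kind})"
    msg.set_content(detail)
    return msg

if __name__ == "__main__":
    # Constructed sample: an entry whose 'dueDate' key was renamed upstream.
    sample = json.dumps({"catalogVersion": "0", "count": 1, "vulnerabilities": [
        {"cveID": "CVE-0000-0000", "dateAdded": "2000-01-01", "due_date": "2000-01-15"}]})
    entries, failure = load_kev(lambda: sample.encode())
    print(build_alert(failure))
```

The sender address and mail relay are deployment-specific and left out; a production check would load the published schema itself rather than the key tables used here.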