Closed mogul closed 8 years ago
(I believe @clovett3 is also working on this.)
@frsfx said he could help out with documenting controls as well... he's been through the FedRAMP process before.
The list tracking the state of all the controls is in Google Drive.
Issue for templatizing the FedRAMP SSP: https://github.com/opencontrol/compliance-masonry/issues/140
The list tracking the state of all the controls
@clovett3 just showed me a different one:
We just had a meeting to talk about how/where to track the remaining work, since it wasn't clear which of the above issues/Google Docs was canonical. For expediency, the remaining work on the FedRAMP template version of the SSP will be going through @clovett3's hands and into a .docx via Word, with other people contributing in certain controls. (We will NOT be using Compliance Masonry to generate into the FedRAMP template until a later date; it won't help cloud.gov but may help followers in future.) @dlapiduz @mzia and @clovett3 will be getting together early tomorrow to hash out how/where that list will be tracked; please post a reference here when that's available.
I've converted this to an Epic, attached all the issues newly created in the cg-compliance
repo (since it's the sum-total of all that work which will determine when this one is done) and moved it to the Feature column so we don't try to talk about this level of detail at stand-ups.
I've removed the AC about rendering directly into the Word doc, as this is otherwise done and no longer blocking our progress.
@mogul commented on Fri May 20 2016
In order to enter the FedRAMP SAR auditing process with all prerequisites satisfied, we must provide our SSP rendered in the mandated FedRAMP format with all required Moderate-level controls documented.
Acceptance Criteria
cg-atlas
boardFedRAMP P-ATO Remediations
card.People involved: