cloud-gov / compliance

Compliance automation for cloud.gov

Update our policies and procedures to reflect real life #179

Closed brittag closed 8 years ago

brittag commented 8 years ago

In order for our cloud.gov SSP to provide helpful and accurate information for compliance reviewers who want to learn about our formally-documented policies and procedures, the cloud.gov team (with assistance from relevant 18F staff) should update the policies and procedures that we refer to in our -1 controls (https://github.com/18F/compliance-docs) to reflect how we work. Updating these documents to reflect how we work will also help cloud.gov stay in compliance with them.

We need to do some research and decision-making before we can take action on this task: we need to figure out what the scope of these documents should be, and then update them to match that defined scope.

Issues I see include:

For example, if we re-defined these as cloud.gov team policies, tasks might include the following:

Also: in general we need to review any -1 control origination statement that is marked as just corporate instead of hybrid. Most of them should probably be hybrid.

brittag commented 8 years ago

I believe the following are already mentioned in our -1 statements (so you can look there for reference), but in case we need easy access to the actual text when updating these policy docs, here's where to find relevant GSA docs:

NoahKunin commented 8 years ago

I'm on this now. My branch will be up soon.

brittag commented 8 years ago

Noting status: this is getting worked on at https://github.com/18F/compliance-docs/pull/9

NoahKunin commented 8 years ago

Status: 18F/compliance-docs#9 merged, new PR en route.

NoahKunin commented 8 years ago

https://github.com/18F/compliance-docs/pull/10 was closed.

The work continues: https://github.com/18F/compliance-docs/pull/11

brittag commented 8 years ago

This is in progress as part of separately-tracked work.