jenglish
commented
3 years ago implementation_statuses was introduced in opencontrol/schemas#25, initial requirement from cloud-gov/cg-atlas#91.
I don't really understand how multiple implementation_statuses are meant to be interpreted either. I think it would make sense to have a separate implementation_status for each entry in the satisfies list instead of / in addition to an overall status -- for example the IAM component might fully implement AC-2 but only partially implement AC-3. (In fact this is how ssptool stores things internally.)
I will update the json schema to match 3.1.0 so at least ssptool validate will not complain. Will have to think about the other implications.
schema 3.1.0 says implementation_status is to be deprecated. I don't really understand the move to implementation_statuses but could ssp_tool support finding completion details there as well?