Closed yruss972 closed 3 years ago
implementation_statuses
was introduced in opencontrol/schemas#25, initial requirement from cloud-gov/cg-atlas#91.
I don't really understand how multiple implementation_statuses
are meant to be interpreted either. I think it would make sense to have a separate implementation_status
for each entry in the satisfies
list instead of / in addition to an overall status -- for example the IAM component might fully implement AC-2 but only partially implement AC-3. (In fact this is how ssptool stores things internally.)
I will update the json schema to match 3.1.0 so at least ssptool validate
will not complain. Will have to think about the other implications.
schema 3.1.0 says implementation_status is to be deprecated. I don't really understand the move to implementation_statuses but could ssp_tool support finding completion details there as well?