Constraint Suppression List

[brian-ruf]

User Story

As a user of the OSCAL CLI, I would like a way to suppress specific constraints, so that when I discover a constraint is erroneous, I can prevent it from appearing the results or causing content to be inappropriately marked as bad.

Ideally this is an external list that I can include and specify with a command like argument. I am unsure if oscal-cli is OSCAL version-aware. If so, the list should offer suppression based on a pairing of OSCAL version number and constraint identifier.

Goals

Suppress inappropriate errors and warnings from validation results.

Dependencies

No response

Acceptance Criteria

• [ ] All website and readme documentation affected by the changes in this issue have been updated.
• [ ] A Pull Request (PR) is submitted that fully addresses the goals of this User Story. This issue is referenced in the PR.
• [ ] The CI-CD build process runs without any reported errors on the PR. This can be confirmed by reviewing that all checks have passed in the PR.

Revisions

No response

[brian-ruf]

Assuming this is functionality worth pursuing, perhaps a better approach is to introduce metaschema syntax that allows tests to be specified for suppression. For example, FedRAMP could include a core-OSCAL constraint suppression list either as a stand-alone metaschema file or as part of the FedRAMP constraints metaschema file. This would serve as an ongoing way to manage incorrect errors when pairing a particular version of FedRAMP's constraints against a particular version of OSCAL.