Open afeld opened 5 years ago
Originally posted by @shawndwells in https://github.com/opencontrol/discuss/issues/65#issuecomment-484321761:
Have you used the OpenControl templates for information systems and system components? What did you think of them?
ref
https://github.com/ComplianceAsCode/template-system-component https://github.com/ComplianceAsCode/template-information-system
Note the github.com/opencontrol is mostly used to house data schema, not actual content.
@timothy-spencer as a former heavy lifter of that documentation, happy to help with 2.
Where can I find the verbiage?
@shawndwells No, I have not seen those before! I will look them over. They might be part of what I need. I've been looking at some of the stuff that cloud.gov did, but it seems to have only been a good start rather than something that actually got battle-tested.
@trevorbryant, check out https://github.com/18F/gcp-appengine-template/tree/dev#ato-and-compliance-considerations . It has the directions of how one would go through the process of getting a GSA LATO, including how to generate the gitbook that you would consult while filling out the SSP (step 6 in https://github.com/18F/gcp-appengine-template/tree/dev#gsa-lato-process). All of the opencontrol stuff that I have written is in that gitbook. You ought to be able to follow the links to the components from the compliance/opencontrol.yaml file in that repo to find the yaml.
Any comments/feedback would be super welcome!
Bump
Originally posted by @timothy-spencer in https://github.com/opencontrol/discuss/issues/65#issuecomment-484288724: