Open JJediny opened 8 years ago
Is there still a use case for documentation_complete
(or status
) now that we have gap analysis? It seems to me that if the documentation isn't complete, the tool should be able to tell you that. Like software though, I feel that TODOs should live in an issue tracker, not in the YAML. Is that too idealistic for compliance documentation?
/cc @mzia
What is the intent of documentation_complete
? The SSP itself is done after an assessors has reviewed it and gave it a thumbs up. Are we trying to capture that with this field? I don't know. @geramirez ?
documentation complete is meant to capture the agreement between the issos and the dev team. I agree with @afeld it should be phased out. implementation_status; however, might be a useful flag to certify that a particular control has been implemented. Neither actually matters too much in CM.