Consider changing documentation_complete to status

opencontrol / schemas

YAML schema, examples, and validators for OpenControl format.

Other

70 stars 21 forks source link

Consider changing documentation_complete to status #8

Open JJediny opened 8 years ago

JJediny commented 8 years ago

status:
  - todo: 10
    doing: 0
    done: 90   
    issues:
    - issue: info #todo, doing, done
      text: 
      url:

afeld commented 8 years ago

Is there still a use case for documentation_complete (or status) now that we have gap analysis? It seems to me that if the documentation isn't complete, the tool should be able to tell you that. Like software though, I feel that TODOs should live in an issue tracker, not in the YAML. Is that too idealistic for compliance documentation?

/cc @mzia

mzia commented 8 years ago

What is the intent of documentation_complete? The SSP itself is done after an assessors has reviewed it and gave it a thumbs up. Are we trying to capture that with this field? I don't know. @geramirez ?

geramirez commented 8 years ago

documentation complete is meant to capture the agreement between the issos and the dev team. I agree with @afeld it should be phased out. implementation_status; however, might be a useful flag to certify that a particular control has been implemented. Neither actually matters too much in CM.