I used this tool to generate an SCP for FedRAMP High services restriction, and I noticed a few services that were added into the "NotAction" section in the resulting JSON that show a current status of "3PAO Assessment" or "JAB Review" on the AWS Services in Scope page for FedRAMP compliance. These should not have been added into the JSON, as they are not yet fully approved.
In my case, as of the time of this issue creation, that included the following services:
application-autoscaling (JAB Review)
wafv2 (3PAO Assessment)
Oddly, the Single Sign-On (sso) service which appears to be in JAB Review status did not get added to the resulting JSON.
Steps to re-create:
pip3 install aws-allowlister
aws-allowlister generate --fedramp-high --quiet > fedramp-high.json
Resulting JSON file zipped and attached.
fedramp-high.json.zip
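One way to check a generated SCP for the condition reported above, as an added example that is not part of the original issue or of aws-allowlister: it lists the service prefixes in "NotAction" and flags any whose status is still pending. The status map holds only the three services named in the issue; the sample policy and the function names are constructed for illustration.

```python
import json

# Pending statuses as reported in the issue above (not fully approved).
PENDING_STATUSES = {
    "application-autoscaling": "JAB Review",
    "wafv2": "3PAO Assessment",
    "sso": "JAB Review",
}

# Constructed sample shaped like an allowlist SCP; not the attached file.
SAMPLE_SCP = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowList",
        "Effect": "Deny",
        "NotAction": ["s3:*", "application-autoscaling:*", "wafv2:*", "ec2:Describe*"],
        "Resource": "*",
    }],
})


def as_list(value):
    """IAM JSON allows a single object/string where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowlisted_services(policy):
    """Service prefixes exempted from the Deny via NotAction."""
    services = set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        for action in as_list(stmt.get("NotAction")):
            services.add(action.split(":", 1)[0].lower())
    return services


def audit(policy_text, pending=PENDING_STATUSES):
    """Return (pending services that are allowlisted, pending services that are absent)."""
    services = allowlisted_services(json.loads(policy_text))
    unexpected = {s: pending[s] for s in sorted(services) if s in pending}
    absent = sorted(s for s in pending if s not in services)
    return unexpected, absent


if __name__ == "__main__":
    unexpected, absent = audit(SAMPLE_SCP)
    for service, status in unexpected.items():
        print(f"allowlisted but pending: {service} ({status})")
    print("pending and correctly absent:", ", ".join(absent))
```

To run it against a real file, pass the contents of the generated JSON to `audit()` in place of `SAMPLE_SCP` and refresh the status map from the AWS Services in Scope page.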