Closed Compton-US closed 1 year ago
This effort has been reviewed (multiple comments may accompany this step...but this is a sample.). It will be assigned to @Compton-NIST as lead. Effort is expected to begin 2/1/2023.
A commit should establish the effort in the repo with a reference to this ticket. Would make an entry here with a link to: https://github.com/usnistgov/OSCAL-Research/tree/prototype-candidate/spirals-example/2022-07-Customer-Responsibility-Model
Required Information
Title: Customer Responsibility Matrix, and Shared Responsibility Model
Problem Statement
We are interested in the creation of a model that supports the ability to export content from the System Security Plan (SSP) for customers to import/reference in a separate System Security Plan. This responsibility model is used to expose only the appropriate and necessary SSP content to a leveraging system, when the leveraging system owner is not entitled to see the entire SSP of the leveraged system.
Supporting Information
GitHub Project Link - https://github.com/usnistgov/OSCAL/ GitHub Issue # - Impact - Not sure Scope - Not sure Audience - All OSCAL Users
Criticality
Significant - Places burden on operational use, workflow and/or velocity.
Constraints
Requirements
Participants
Company A
would be willing to support this effort as needed to develop an approach and model.