usnistgov / OSCAL-DEFINE

Develop Enhancements, Future Implementations and New Education
Other
12 stars 7 forks source link

SAMPLE ONLY: Model needed for communicating shared responsibilities without exposing SSP in OSCAL. #1

Closed Compton-US closed 1 year ago

Compton-US commented 1 year ago

Required Information

Title: Customer Responsibility Matrix, and Shared Responsibility Model

Problem Statement

We are interested in the creation of a model that supports the ability to export content from the System Security Plan (SSP) for customers to import/reference in a separate System Security Plan. This responsibility model is used to expose only the appropriate and necessary SSP content to a leveraging system, when the leveraging system owner is not entitled to see the entire SSP of the leveraged system.

Supporting Information

GitHub Project Link - https://github.com/usnistgov/OSCAL/ GitHub Issue # - Impact - Not sure Scope - Not sure Audience - All OSCAL Users

Criticality

Significant - Places burden on operational use, workflow and/or velocity.

Constraints

Requirements

Participants

Compton-US commented 1 year ago

This effort has been reviewed (multiple comments may accompany this step...but this is a sample.). It will be assigned to @Compton-NIST as lead. Effort is expected to begin 2/1/2023.

Compton-US commented 1 year ago

A commit should establish the effort in the repo with a reference to this ticket. Would make an entry here with a link to: https://github.com/usnistgov/OSCAL-Research/tree/prototype-candidate/spirals-example/2022-07-Customer-Responsibility-Model