Open Compton-US opened 1 year ago
iMichaela
commented
1 year ago The evidence requirement could (potentially) be a property of a mapping-record assembly ( #32 ) which would allow documenting a particular mapping relation for a control-implementation/implemented-requirements/by-components or control-implementation/implemented-requirements/statements/by-components.
The information will then be conveyed to AP, AR, POAM through the import mechanism.
iMichaela
commented
11 months ago The evidence requirement could (potentially) be a property of a
mapping-recordassembly ( #32 ) which would allow documenting a particular mapping relation for acontrol-implementation/implemented-requirements/by-componentsorcontrol-implementation/implemented-requirements/statements/by-components.The information will then be conveyed to AP, AR, POAM through the import mechanism.
Alternatively, the re-defined property category of the qualifier (see note in issue #27) could be used to define which aspect of the source, target or both is the predicate applicable to: requirement, parameter, objective, assessment method, or evidence, addressing in this way this issue.
Problem Statement
Belongs to https://github.com/usnistgov/OSCAL-DEFINE/issues/18
Consider evidence as an important dimension of equivalency in some contexts, particularly if an organization is using a mapping to prepare for meeting a new standard based on another framework. If this particular approach requires a more in-depth synthesis using profiles and SSP documents, we should produce a guide for this.