usnistgov / OSCAL-DEFINE

Develop Enhancements, Future Implementations and New Education
Other
12 stars 7 forks source link

Spiral: Determine approach to documenting in the SSP and Component Definition a mapped control or statement. #32

Open iMichaela opened 1 year ago

iMichaela commented 1 year ago

Problem Statement

The mapping of controls or statements of controls is needed in the SSP and possibly Component Definition so the results of the assessment against one regulatory framework can be used to automatically infer the compliance status against other mapped frameworks.

For each control satisfaction, by-component, a mapping-record assembly is needed to document:

iMichaela commented 1 year ago

A mapping-record assembly which allows documenting a particular mapping relation for a control-implementation/implemented-requirements/by-components or control-implementation/implemented-requirements/statements/by-components needs to be researched and added to the SSP model and potentially to CDef model as well.