usnistgov / OSCAL-DEFINE

Develop Enhancements, Future Implementations and New Education

Research Effort: A model is needed for customer responsibilities that does not expose the SSP. #5

Open Compton-US opened 1 year ago

Compton-US commented 1 year ago

OSCAL SSP authors need the ability to export content from a full SSP, suitable for customers to import into another SSP, without exposing all content of the full SSP. At a minimum, this exported content should include customer responsibility statements associated with components and control definition statements. When the SSP author uses optional syntax to define customer-consumable content about what is inherited, this content must also be included.

Compton-US commented 1 year ago

I have a draft started here: https://github.com/Compton-NIST/OSCAL-DEFINE/blob/spiral-3-effort-issue-5/research-2023/effort-responsibility-sharing/2023-03-08.003.md