audit what pieces of the System Security Plan aren't reflected in the schema #31
Comments
|
I'd be excited to work with somebody on this - I figure the best way to go about it would be for a person familiar with the schema to put a meeting on my calendar and talk through it together. For example, right now when I look at that schema description, I don't understand how the component info gets transmogrified into the right parts of the SSP. I've unassigned this from myself since I figure this should be assigned to that person I talk to. :D |
|
@jcscottiii just found the "Additional FedRAMP Requirements and Guidance" tables in #29 (comment). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I suspect that there are many areas/fields/nuances of the FedRAMP SSP that aren't fields in the OpenControl schema that we need to capture. Someone should work with @brittag to identify them, think through which are the most important for us to capture (presumably which are going to require the most change the in for the SSP), then figure out how to incorporate them.
The text was updated successfully, but these errors were encountered: