You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update the guide to reflect this change, with more detail in leveraged authorizations,
Update the SSP template Leveraged Services table to reflect the change in the headers.
The text was updated successfully, but these errors were encountered:
This is a ...
concern - something needs to be different
This relates to ...
What is your feedback?
The props for leveraged-authorizations seems to have the same/similar data elements based on the use of these elements in the overall ssp.
For example. In system-characteristic/prop[@name=authorization-type] FedRAMP has defined the following as allowed values:
![image](https://private-user-images.githubusercontent.com/127163717/319577945-12818d87-716d-4d80-b270-16e6bc0f3c1f.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg5OTA3MTMsIm5iZiI6MTcxODk5MDQxMywicGF0aCI6Ii8xMjcxNjM3MTcvMzE5NTc3OTQ1LTEyODE4ZDg3LTcxNmQtNGQ4MC1iMjcwLTE2ZTZiYzBmM2MxZi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMVQxNzIwMTNaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0yNjhmN2JlNTIwOGY1YWQ0ZjlhNjE3MzBhMmNkZWE1OWQ5NDMxZDhjYzNlYjUzMjQ0M2Q4MzI1NTQwZDc2NDAyJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.5vdFSmUHerX4Vk4w5GLsFrhDmfOuSbv2w9nT8QXROmY)
However, for the leveraged-authorizations the 'li-saas' option seems to have switched to the prop for impact level.
![image](https://private-user-images.githubusercontent.com/127163717/319578432-44d819c3-01fe-4362-8d7c-a3c8f1c88beb.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTg5OTA3MTMsIm5iZiI6MTcxODk5MDQxMywicGF0aCI6Ii8xMjcxNjM3MTcvMzE5NTc4NDMyLTQ0ZDgxOWMzLTAxZmUtNDM2Mi04ZDdjLWEzYzhmMWM4OGJlYi5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjIxJTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyMVQxNzIwMTNaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT0xMmYzMDA3ZmY2YThjNWM1ODg1MTBkZTI0NzU0N2E0ZTkxOWE5ZmI0NmNiMmQyMTNjODhhNDEzZWJiNjdjMThlJlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.9BQr2hBeTwRRx6YSHJ51k4v3cQN5a5QNU5lX4dbESoE)
The allowed values for impact level seem to be a reflection of the sources security-sensitivity-level
But the values defined in leveraged-authorizations do not follow the same format.
Where, exactly?
system-implementation/leveraged-authorizations/props
Other information
Recommendation:
system-implementation/leveraged-authorizations/prop[@name=impact-level] allowed values == OSCAL allowed values for system-characteristics/security-sensitivity-level
system-implementation/leveraged-authorizations/prop[@name=authorization-type] allowed values == system-characteristics/prop[@name=authorization-type]
Update the guide to reflect this change, with more detail in leveraged authorizations,
Update the SSP template Leveraged Services table to reflect the change in the headers.
The text was updated successfully, but these errors were encountered: