Spiral 4: Create draft of responsibility model. #17
Comments
Compton-US
added
the
Spiral
|
This is a very important thread to thoroughly consider in this spiral: usnistgov/OSCAL#1300 |
|
Additional input needed to go into the document, but the latest spiral was moved out of my personal fork into the project for visibility, will add changes/updates to the branch referenced below. |
|
Preliminary brief and discussion around CRM support in OSCAL. |
|
Consider trying this in working branch as a concept for |
|
@Compton-NIST The intent of the While deprecating the use of |
|
@david-waltermire-nist Thanks for this. More depth is on the way, and I can demonstrate this concept of public vs private. I have a round of feedback to process, and I'll share updates here. Hopefully by end of this week. |
|
@Compton-NIST - Please find below some food for thoughts. I summarized the proposal discussed and then try to look at a DB scenario documented as CDef ->used in SaaS SSP -> with provided and responsibilities -> carried into PaaS CRM -> leveraged in SaaS SSP where some responsibilities are satisfied, others are passed on to -> SaaS CRM for the Client SSP. Let's discuss tomorrow some concerns I tried to capture. I included the usnistgov/OSCAL/#1300 issue to discuss it since it makes sense for the CRM to document the implementation-status similar to the SSP.
|
|
Latest briefing on state of the modeling. Note that there is awareness of the uuid concerns noted above, but for now I'm assuming CDef as a pass through for the identifiers that should exist in the SSPs. I'm minimized those in the diagrams to focus on the essential parts. Technically, the CDef should not be required if full SSPs are shared.
|
|
Updated with corrections to a few identifiers in the Application Owner SSP. briefing-2023-08-31.pdf |
|
To Do:
|
This issue covers work for the spiral supporting Effort #5
The text was updated successfully, but these errors were encountered: