-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Approval Status and Date for OSCAL Document Instance #1033
Comments
Per conversation today with Dave and Wendell, I am going to make a recommended architecture design a new assembly. It will look something like this.
Will draft a PR with proposed changes to the Metaschema for review, hopefully for tomorrow's model review meeting. |
As @ohsh6o is inactive, I will try and pick this up. I was talking to @wendellpiez and think, given feedback from the model meeting and his recommendation, I will try to update this PR and convert |
Whew, this guy! Per discussion with Dave, I like the previously implemented assembly designs, I still want to talk over potential naming collisions and other stuff prior to merging this, given Dave and team's approval. Meeting invite sent for next week. |
OK the contributed PR is ready for review and should be good to go for Dave. Sliding this to Under Review. |
PR #1052 is ready to merge. Need community review. |
Going to merge #1429 since there has been no additional community feedback. |
User Story:
As an OSCAL tool developer, in order to allow my tools to show that different stakeholders from the organization authoring the information system's security documentation (SSP, SAP, SAR, and/or POA&M), I want to add metadata to show the responsible parties for approval and dates of these approvals.
Goals:
@david-waltermire-nist and I had found a way to effectively encode only the responsible party for these approvals, but current use of additional
prop
s, existing OSCAL generic metadata structures, and/or specific structures for particular OSCAL models cannot effectively encode and map an approval date for each responsible party. There is a strong likelihood there will be more than one approval party and approval date in most cases.See GSA/fedramp-automation#162 for more context.
Dependencies:
N/A
Acceptance Criteria
{The items above are general acceptance criteria for all User Stories. Please describe anything else that must be completed for this issue to be considered resolved.}
The text was updated successfully, but these errors were encountered: