diff --git a/.github/ISSUE_TEMPLATE/account_management_authorization_form.yaml b/.github/ISSUE_TEMPLATE/account_management_authorization_form.yaml deleted file mode 100644 index 2d26f8e..0000000 --- a/.github/ISSUE_TEMPLATE/account_management_authorization_form.yaml +++ /dev/null 
@@ -1,81 +0,0 @@ -name: Account Management Authorization Form -description: Submit an account related authorization -labels: ['ACCOUNT_AUTHORIZED_RECORD'] -body: - - type: input - id: account-holder-full-name - attributes: - label: Account holder full name - placeholder: Type here account holder full name as it appears in his/her ID. - validations: - required: true - - type: dropdown - id: account-type - attributes: - label: What role/attribute is requested for the account holder - description: Select the action from the drop-down - options: - - System Owner - - License Owner - - Authorizing Official - - System Sec Assessor - - System Administrator - - Technical Point of Contact - multiple: false - validations: - required: true - - type: dropdown - id: account-privilege - attributes: - label: What account privilege is requested - description: Select the action from the drop-down - options: - - non-privileged (user:read/write) - - privileged (root:read/write/execute) - multiple: false - validations: - required: true - - type: dropdown - id: account-created - attributes: - label: Account creation - description: Select the action from the drop-down - options: - - Created - - Modified - - Disabled - - Enabled - - Deleted - - Not done - multiple: false - validations: - required: true - - type: dropdown - id: account-created-by - attributes: - label: Account creation by - description: Select the action from the drop-down - options: - - System Administrator - - Accounts Manager - multiple: false - validations: - required: true - - type: dropdown - id: account-approved-by - attributes: - label: Account approved by - description: Select the action from the drop-down - options: - - Program Manager (for privileged accounts) - - System Owner (for non-privileged accounts) - multiple: false - validations: - required: true - - type: textarea - id: comments - attributes: - label: Comments - placeholder: (optional) Type in here any additional information related to this 
authorization. - validations: - required: false diff --git a/.github/ISSUE_TEMPLATE/account_management_request_form.yaml b/.github/ISSUE_TEMPLATE/account_management_request_form.yaml index 2c4ebfd..bae6ce9 100644 --- a/.github/ISSUE_TEMPLATE/account_management_request_form.yaml +++ b/.github/ISSUE_TEMPLATE/account_management_request_form.yaml @@ -3,19 +3,33 @@ description: Submit an account related request labels: ['ACCOUNT_REQUEST_RECORD'] body: - type: input - id: first-name + id: user-first-name attributes: label: Account Holder First Name placeholder: Type here user's first name as it appears in his/her ID. validations: required: true - type: input - id: last-name + id: user-last-name attributes: label: Account Holder Last Name placeholder: Type here user's last name as it appears in his/her ID. validations: required: true + - type: input + id: user-email + attributes: + label: Account Holder Email + placeholder: Type here user's email + validations: + required: true + - type: input + id: user-username + attributes: + label: Account Holder Username + placeholder: Type here user's username + validations: + required: true - type: input id: requester-name attributes: diff --git a/.github/workflows/account_request_approve.yaml b/.github/workflows/account_request_approve.yaml index a729ebc..5714bb0 100644 --- a/.github/workflows/account_request_approve.yaml +++ b/.github/workflows/account_request_approve.yaml 
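Review bot: The added `user-email` and `user-username` inputs have no `description`, so the requester is not told what format is expected or that the value stays in the issue, where anyone who can read the issue sees the account holder's name and e-mail. As far as I know, `required` is the only validation an issue-form `input` offers here, so format checks have to live in whatever consumes the parsed fields. I would add under `attributes` of `user-email` a line such as `description: Work e-mail of the account holder; visible to anyone who can read this issue.` and an equivalent line for `user-username` stating the allowed characters. The `body` list continues outside the hunk.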
@@ -21,4 +21,82 @@ jobs: NUMBER: ${{ github.event.issue.number }} BODY: > Account management request APPROVED by Blossom Management. - @blossom-sysdevs please review and submit Account Management Authorization Form. \ No newline at end of file + @usnistgov/blossom-sysdevs please ensure the ACL and/or Cognito are updated and the SSP is in sync with the update. + When implemented, add the ACCOUNT_IMPLEMENTED label and + link this account request issue to the PR with the implementation. + + parse-issue: + needs: request-approved + runs-on: ubuntu-20.04 + outputs: + account-modification: ${{ steps.issue-parser.outputs.issueparser_account-modification }} + user-first-name: ${{ steps.issue-parser.outputs.issueparser_user-first-name }} + user-last-name: ${{ steps.issue-parser.outputs.issueparser_user-last-name }} + user-username: ${{ steps.issue-parser.outputs.issueparser_user-username }} + user-email: ${{ steps.issue-parser.outputs.issueparser_user-email }} + account-type: ${{ steps.issue-parser.outputs.issueparser_account-type }} + steps: + - name: Checkout repo + uses: actions/checkout@v4 + with: + sparse-checkout: | + .github/ISSUE_TEMPLATE/account_management_request_form.yaml + sparse-checkout-cone-mode: false + + - name: Parse issue body + uses: stefanbuck/github-issue-parser@v3.2.1 + id: issue-parser + with: + template-path: ".github/ISSUE_TEMPLATE/account_management_request_form.yaml" + + create-user: + needs: parse-issue + if: ${{ needs.parse-issue.outputs.account-modification == 'Create' }} + runs-on: ubuntu-20.04 + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Ensure directory exists for created users + run: | + mkdir -p ato/oscal-artifacts/created_users/ + + - name: Ensure directory exists for created users references + run: | + mkdir -p ato/oscal-artifacts/reference_created_users/ + + - name: Create yaml file for automated user creation + env: + USER_NAME: "${{ needs.parse-issue.outputs.user-first-name }} ${{ 
needs.parse-issue.outputs.user-last-name }}" + USER_USERNAME: ${{ needs.parse-issue.outputs.user-username }} + USER_EMAIL: ${{ needs.parse-issue.outputs.user-email }} + USER_ROLE: ${{ needs.parse-issue.outputs.account-type }} + ISSUE_NUMBER: ${{ github.event.issue.number }} + run: | + python ato/secops/create_user.py --user-name "$USER_NAME" --user-username "$USER_USERNAME" --user-email "$USER_EMAIL" --user-role "$USER_ROLE" --issue-number "$ISSUE_NUMBER" + + - name: Store user yaml in repo + run: | + git config --global user.name "create-user-action[bot]" + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git checkout -b "$BRANCH_NAME" + git add "ato/oscal-artifacts/created_users/*" + git add "ato/oscal-artifacts/reference_created_users/*" + git commit -m "Create user request #$ISSUE_NUMBER" + git push origin "$BRANCH_NAME" + env: + ISSUE_NUMBER: ${{ github.event.issue.number }} + BRANCH_NAME: "account-request-${{ github.event.issue.number }}" + + - name: Configure AWS CLI + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + + - name: Copy reference yaml to bucket + run: | + aws s3 cp --recursive ato/oscal-artifacts/reference_created_users/ s3://"$AWS_BUCKET" + env: + AWS_BUCKET: ${{ secrets.AWS_BUCKET }} diff --git a/.github/workflows/account_request_assessment.yaml b/.github/workflows/account_request_assessment.yaml new file mode 100644 index 0000000..2384b60 --- /dev/null +++ b/.github/workflows/account_request_assessment.yaml 
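Review bot: The `create-user` job authenticates to AWS with long-lived keys (`aws-access-key-id`/`aws-secret-access-key`) and, like `parse-issue`, declares no `permissions:`, so both jobs run with the repository's default token scope while handling requester-supplied issue text. I would give each job an explicit minimal `permissions:` block and switch the `Configure AWS CLI` step to `role-to-assume` with OIDC, so no static key sits in repository secrets; the secret name in the sketch is a placeholder. The third-party `stefanbuck/github-issue-parser@v3.2.1` is referenced by a mutable tag, and pinning it to a full commit SHA would keep a retagged release from running in the job that feeds account creation. Passing the parsed fields through `env:` rather than interpolating them into `run:` is the right pattern and should stay. The `request-approved` job this chain depends on begins outside the hunk.

```yaml
  parse-issue:
    permissions:
      contents: read        # sparse checkout of the form template only
    # … unchanged: needs, runs-on, outputs, steps …

  create-user:
    permissions:
      contents: write       # push the account-request-<N> branch
      id-token: write       # OIDC token for role assumption
    # … unchanged: needs, if, runs-on, checkout / create_user.py / git steps …
      - name: Configure AWS CLI
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}   # placeholder secret name
    # … unchanged: copy reference yaml to bucket …
```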
@@ -0,0 +1,20 @@ +name: Account Request Assessment + +on: + pull_request: + types: + - closed + paths: + - 'blossom_admin_member_ssp.xml' + +# If a Pull Request updating the SSP is merged +jobs: + if_merged: + if: github.event.pull_request.merged == true + runs-on: ubuntu-20.04 +# permissions: +# issues: write + steps: + - name: Run automated assessment + run: echo "assessment" + # query chaincode, code to execute on chaincode for list of supported roles, API command diff --git a/.github/workflows/account_request_authorize.yaml b/.github/workflows/account_request_authorize.yaml deleted file mode 100644 index 4753e0a..0000000 --- a/.github/workflows/account_request_authorize.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: Account Request Authorize - -on: - issues: - types: - - labeled - -jobs: - # When an issue is created by account management authorization form - # Label of account management request form is ACCOUNT_AUTHORIZED_RECORD - request-authorized: - if: github.event.label.name == 'ACCOUNT_AUTHORIZED_RECORD' - runs-on: ubuntu-20.04 - permissions: - issues: write - steps: - - name: Add comment - run: gh issue comment "$NUMBER" --body "$BODY" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO: ${{ github.repository }} - NUMBER: ${{ github.event.issue.number }} - BODY: > - Account management AUTHORIZED - - -# Contact AWS Cognito to show users -# Check is user contained in ACL is in AWS response with grep diff --git a/.github/workflows/account_request_implement.yaml b/.github/workflows/account_request_implement.yaml new file mode 100644 index 0000000..5f300a2 --- /dev/null +++ b/.github/workflows/account_request_implement.yaml 
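Review bot: The `paths` filter lists the bare name `'blossom_admin_member_ssp.xml'`, and path filters are matched against the full path from the repository root, so unless that file sits at the root the `if_merged` job will never fire on an SSP change. The other SSP touched in this commit lives under `oscal-content/`, which suggests a full path or a glob such as `'**/blossom_admin_member_ssp.xml'` is what was meant. The `permissions:` block is left commented out; while the step is still a stub I would set `permissions: {}` and widen it only when the assessment needs a scope.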
@@ -0,0 +1,24 @@ +name: Account Request Implement + +on: + issues: + types: + - labeled + +jobs: + # When ACCOUNT_IMPLEMENTED label is added to account management request + request-implemented: + if: github.event.label.name == 'ACCOUNT_IMPLEMENTED' + runs-on: ubuntu-20.04 + permissions: + issues: write + steps: + - name: Notify Blossom Assessors about Implemented Account + run: gh issue comment "$NUMBER" --body "$BODY" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO: ${{ github.repository }} + NUMBER: ${{ github.event.issue.number }} + BODY: > + @usnistgov/blossom-assessors An edit to the ACL and/or SSP has been implemented. + Please monitor the automated assessment. \ No newline at end of file diff --git a/.github/workflows/account_request_open.yaml b/.github/workflows/account_request_open.yaml index 35d4fa2..8071943 100644 --- a/.github/workflows/account_request_open.yaml +++ b/.github/workflows/account_request_open.yaml @@ -22,5 +22,5 @@ jobs: NUMBER: ${{ github.event.issue.number }} BODY: > Account management request CREATED. - @blossom-management please review and approve/reject this request - by adding ACCOUNT_APPROVED or ACCOUNT_REJECTED label. \ No newline at end of file + @usnistgov/blossom-management please review and approve/reject this request + by adding ACCOUNT_APPROVED or ACCOUNT_REJECTED label to this issue. \ No newline at end of file diff --git a/.github/workflows/account_request_reject.yaml b/.github/workflows/account_request_reject.yaml index 5454ca2..cd74553 100644 --- a/.github/workflows/account_request_reject.yaml +++ b/.github/workflows/account_request_reject.yaml 
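Review bot: `request-implemented` fires on the label name alone, so adding `ACCOUNT_IMPLEMENTED` to any issue, including one that was never an approved account request, pings the assessors as if an ACL/SSP change had landed. I would tighten the condition to `if: github.event.label.name == 'ACCOUNT_IMPLEMENTED' && contains(github.event.issue.labels.*.name, 'ACCOUNT_APPROVED')`. A comment above the job saying who is expected to apply the label would also help, since the label is the only record in this workflow that implementation happened.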
@@ -14,11 +14,11 @@ jobs: issues: write steps: - name: Close rejected account request - run: gh issue close "$NUMBER" --comment "$COMMENT" + run: gh issue close "$NUMBER" --comment "$COMMENT" --reason "not planned" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_REPO: ${{ github.repository }} NUMBER: ${{ github.event.issue.number }} COMMENT: > Account management request REJECTED by Blossom Management. - Closing request. + Closing request as "not planned". diff --git a/.github/workflows/account_workflow.md b/.github/workflows/account_workflow.md new file mode 100644 index 0000000..a664e6d --- /dev/null +++ b/.github/workflows/account_workflow.md 
@@ -0,0 +1,32 @@ +# Account Management Workflow + +This document explains the workflow of GitHub actions used to automate Blossom service's accounts management. + +## Requirements to run Actions +- [ ] Repository secrets: AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_REGION, AWS_BUCKET +- [ ] Issue labels: ACCOUNT_REQUEST_RECORD, ACCOUNT_APPROVED, ACCOUNT_REJECTED, ACCOUNT_IMPLEMENTED + +## Account Request and Creation +- [ ] The requester requests an account for the Account Holder by creating a new GitHub issue using the Account Request Form. +- [ ] The Blossom Management group is automatically notified to review the request through GitHub. +- [ ] One of the Blossom Management (a member of the Blossom Management group) reviews the request and adds a new label to the issue: ACCOUNT_APPROVED or ACCOUNT_REJECTED +- [ ] If ACCOUNT_REJECTED, the account request issue is automatically closed. +- [ ] If the account is approved and the label ACCOUNT_APPROVED is added, the Blossom Sysdevs group is automatically notified about implementation. +- [ ] A YAML file is automatically created from information submitted through the Account Request Form, which is pushed to the GitHub repo as a new branch and a condensed version is sent to S3 bucket. +- [ ] S3 bucket receives the file about the new user to create and sends a trigger to EC2, which implements the new user in Cognito, SSM, ACL, AMB as necessary. +- [ ] The new user is inserted into the SSP, which is pushed into the GitHub repo to the new branch. +- [ ] Upon completion of creating the account requested, a Pull Request is automatically created, to link the branch with the Account Request issue. +- [ ] Upon merging the Pull Request that implements the account, the relevant updated controls are re-assessed automatically. The Blossom Assessors group is then notified to monitor the automated assessment. 
+- [ ] TBD: STEPS FOR AUTOMATED ASSESSMENT + +## Account Disable +[TBD] + +## Account Enable +[TBD] + +## Account Change +[TBD] + +## Account Deletion +[TBD] diff --git a/.gitignore b/.gitignore index 3532e70..29ffb99 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ .DS_Store .vscode/* +.history/* *.pyc __pycache__/ draft-* @@ -9,3 +10,5 @@ draft-* .pyenv* .env* oscal-cli.txt +# Ignore validation tool oscal-cli +build/oscal-cli diff --git a/.sims/acl.xml b/.sims/acl.xml new file mode 100644 index 0000000..50523c2 --- /dev/null +++ b/.sims/acl.xml @@ -0,0 +1,103 @@ + + + + 09ad840f-aa79-43aa-9f22-25182c2ab11b + System Owner + + + 551b9706-d6a4-4d25-8207-f2ccec541016 + System Owner + + + + + 09ad840f-aa79-43aa-9f22-25182c2ab11b + System Owner + + READ + + + + 09ad840f-aa79-43aa-9f22-25182c2ab11b + System Owner + + WRITE + + + + 09ad840f-aa79-43aa-9f22-25182c2ab11b + System Owner + + READ_ACP + + + + 551b9706-d6a4-4d25-8207-f2ccec541016 + System Owner + + WRITE_ACP + + + + 551b9706-d6a4-4d25-8207-f2ccec541016 + System Owner + + READ_ACP + + + + 551b9706-d6a4-4d25-8207-f2ccec541016 + System Owner + + WRITE + + + + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + System Administrator + + READ + + + + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + System Administrator + + WRITE + + + + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + System Administrator + + READ_ACP + + + + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + System Administrator + + WRITE_ACP + + + + 132953a9-640c-46f7-9de9-3fa15ec99361 + System Security Assessor + + READ + + + + 132953a9-640c-46f7-9de9-3fa15ec99361 + System Security Assessor + + READ_ACP + + + + http://acs.amazonaws.com/groups/global/AllUsers + + READ + + + \ No newline at end of file diff --git a/.sims/handshake/handshake_empty b/.sims/handshake/handshake_empty new file mode 100644 index 0000000..e69de29 diff --git a/account_workflow.md b/account_workflow.md deleted file mode 100644 index f3f7244..0000000 --- a/account_workflow.md +++ /dev/null 
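Review bot: The final grant in `.sims/acl.xml` gives READ to `http://acs.amazonaws.com/groups/global/AllUsers`, which in an S3-style ACL means any unauthenticated caller. The element markup is not visible in this view, so I am reading the structure from the values alone. If the simulation mirrors the deployed ACL, that grant deserves a second look; if it is deliberate test data, the file should say so with a leading comment such as `<!-- Simulated ACL fixture; AllUsers READ is <intended | to be removed> -->`. Two different IDs both carry the display name `System Owner`, and a one-line comment explaining why would save the next reader from assuming a copy-paste slip.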
@@ -1,8 +0,0 @@ -# Account Management Workflow -Document that explains the workflow of GitHub actions used to automate account management. - -The requester creates a new GitHub issue (Account Request Form) to request an account for the Account Holder. -The Blossom Management group is automatically notified to review this request through GitHub. -A Blossom Management member reviews the request and adds a new label to the issue: ACCOUNT_APPROVED or ACCOUNT_REJECTED -If ACCOUNT_APPROVED, the Blossom Sysdevs group is automatically notified to implement the account and submit a new issue (Account Management Authorization Form) for the Account Holder. -If ACCOUNT_REJECTED, the account request issue is automatically closed. \ No newline at end of file diff --git a/ato/oscal-artifacts/README.md b/ato/oscal-artifacts/README.md new file mode 100644 index 0000000..afe6d21 --- /dev/null +++ b/ato/oscal-artifacts/README.md @@ -0,0 +1,3 @@ +# Blossom ATO Artifacts in OSCAL +This directory contains OSCAL artifacts created during automatic assessment process. + diff --git a/ato/secops/README.md b/ato/secops/README.md new file mode 100644 index 0000000..041f7a7 --- /dev/null +++ b/ato/secops/README.md @@ -0,0 +1,2 @@ +# Blossom Security Operations +This directory contains operational artifacts created to automate the system security assessment and authorization (A&A) processes and ATO issuance. diff --git a/ato/secops/create_user.py b/ato/secops/create_user.py new file mode 100644 index 0000000..32891df --- /dev/null +++ b/ato/secops/create_user.py 
@@ -0,0 +1,61 @@ +import click +import yaml +from datetime import datetime + +@click.command() +@click.option('--user-name', required=True, help='Name of user to create') +@click.option('--user-username', required=True, help='Name of user to create') +@click.option('--user-email', required=True, help='Email of user to create') +@click.option('--user-role', required=True, help='Role of user to create') +@click.option('--location-uuid', help='UUID of physical location of user') +@click.option('--org-member', help='UUID of organization that user is member of') +@click.option('--issue-number', help='Issue number of user account request') +def create_user(user_name, user_username, user_email, user_role, location_uuid, org_member, issue_number): + """ + Creates a yaml file containing information about a new user + + Args: + user_name (string): String containing name of new user + user_username (string): String containing username of new user + user_email (string): String containing email of new user + user_role (string): String containing role of new user + location_uuid (string): String containing UUID of physical location of user + org_member (string): String containing UUID of organization that user is member of + issue_number (string): String containing issue number of user account request + """ + + # Structure of yaml file + cmd = { + "command" : "create-acl-user|create-cognito-user", + "user" : { + "name" : f"{user_name}", + "username" : f"{user_username}", + "email-address":f"{user_email}", + "role":f"{user_role}", + "location-uuid":f"{location_uuid}", + "member-of-organization":f"{org_member}", + }, + } + + # Include timestamp in filename + timestamp = datetime.now().strftime("%Y%m%d-%H%M%S") + + # Write to user yaml file (stored in repo) + filename = "ato/oscal-artifacts/created_users/created_user_" + timestamp + ".yaml" + with open(filename, 'w') as f: + print(f"\n\n{yaml.safe_dump(cmd, default_flow_style=False)}", file=f) + + # Structure of yaml file 
referencing user yaml file + reference = { + "file": f"{filename}", + "issue_number": f"{issue_number}", + "branch_name": f"account-request-{issue_number}" + } + + # Write to user reference yaml file (sent to S3) + filename_reference = "ato/oscal-artifacts/reference_created_users/reference_created_user_" + timestamp + ".yaml" + with open(filename_reference, 'w') as f: + print(f"\n\n{yaml.safe_dump(reference, default_flow_style=False)}", file=f) + +if __name__ == '__main__': + create_user() \ No newline at end of file diff --git a/oscal-content/json/profile/blossom_moderate_profile_resolved.json b/oscal-content/json/catalog/blossom_moderate_profile_resolved_to_catalog.json similarity index 100% rename from oscal-content/json/profile/blossom_moderate_profile_resolved.json rename to oscal-content/json/catalog/blossom_moderate_profile_resolved_to_catalog.json diff --git a/oscal-content/json/ssp/aws_leveraged_authorization_ssp.json b/oscal-content/json/ssp/aws_leveraged_authorization_ssp.json index bc38bf9..d06f9f7 100644 --- a/oscal-content/json/ssp/aws_leveraged_authorization_ssp.json +++ b/oscal-content/json/ssp/aws_leveraged_authorization_ssp.json @@ -224,6 +224,7 @@ "information-types" : [ { "uuid" : "27e034c9-2164-47c1-ba0b-8eb56c941842", "title" : "Corrective Action (Policy/Regulation)", + "description" : "TBD", "categorizations" : [ { "system" : "https://doi.org/10.6028/NIST.SP.800-60v2r1", "information-type-ids" : [ "C.2.1.1" ] @@ -251,11 +252,13 @@ "state" : "operational" }, "authorization-boundary" : { + "description" : "TBD", "diagrams" : [ { "uuid" : "1d92b6f3-1260-421c-9bda-5c4a7739f0d1" } ] }, "network-architecture" : { + "description" : "TBD", "diagrams" : [ { "uuid" : "2d92b6f3-1260-421c-9bda-5c4a7739f0d2" } ] @@ -384,6 +387,7 @@ "uuid" : "1398d737-8041-4774-bed3-668d90617860", "description" : "TBD:", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f5c1b59c-04ff-4821-980a-e10c18e379a8", "description" : "TBD:" 
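Review bot: `create_user` writes `user_username`, `user_email` and `user_role` into the command file unchecked, although they come from issue text the requester can edit freely, and per the workflow document in this commit that file is what the S3/EC2 side acts on to create the account. `yaml.safe_dump` keeps the YAML well-formed, so the gap is semantic (an unexpected role or username shape), not markup injection. I would validate the fields up front as sketched below (needs `import re`; the patterns are illustrative) and also check `user_role` against the roles the request form offers, which are not visible in this diff. The sketch also drops the f-strings in `cmd`, because `f"{location_uuid}"` turns an omitted option into the string `None`; confirm the consumer accepts a YAML null before taking that part.

```python
def create_user(user_name, user_username, user_email, user_role, location_uuid, org_member, issue_number):
    # … unchanged: docstring …

    # Values originate from issue text; reject anything outside the expected
    # shape before it lands in a provisioning command file.
    # Patterns are illustrative; align them with the account policy.
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,64}", user_username):
        raise click.BadParameter("unexpected characters in username", param_hint="--user-username")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", user_email):
        raise click.BadParameter("not a plausible e-mail address", param_hint="--user-email")

    cmd = {
        "command": "create-acl-user|create-cognito-user",
        "user": {
            "name": user_name,
            "username": user_username,
            "email-address": user_email,
            "role": user_role,
            # plain values: an omitted option serialises as null, not "None"
            "location-uuid": location_uuid,
            "member-of-organization": org_member,
        },
    }
    # … unchanged: timestamp, user yaml write, reference yaml write …
```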
@@ -429,7 +433,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "fdecdd89-e6ce-40d7-97a9-55d3a57abb8c", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9c4a8b31-fe34-4b5f-933d-2a1c448a4ef2", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -447,7 +453,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2cd8b8e6-673a-4470-8534-13b5e2c9a240", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "bbeec595-6c96-4102-ac5d-a7675ed6c529", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -486,7 +494,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "8103b498-0f37-4106-92e0-d88886da6eb3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9678dd9d-6125-45b7-ba22-9fa41f03f72e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -504,7 +514,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "ea52159a-8bc8-4a7e-b552-6cfd49291a6b", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "6b0ef9b2-6b7d-4178-b8e8-1f9ffc471045", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -522,7 +534,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "8ed49eba-7071-4d05-8a72-7170cd70e073", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9af6d025-089c-4b60-aa2a-f2301a1f4ba1", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -540,7 +554,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "aed2636d-73bc-4484-aa02-744c7d7766e3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "72a3d5fb-6021-4052-8b8d-645f445f1de9", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -558,7 +574,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "eaaf5c14-f217-4f73-9a05-6238ee9e2e00", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "63b1f1a3-ed64-4b3b-91f0-80255ccfdd80", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -576,7 +594,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d4182aa0-508a-4bf4-97d7-7c351b34f8c9", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "6ba7424b-ec07-494c-a937-315be22012df", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -605,7 +625,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "bd636006-e24a-48a6-826d-e140ce79688b", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "13f36d45-615b-41e2-9760-6731a543e3b5", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -633,7 +655,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "c938abfb-d25c-4810-acba-7676d2462a88", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "c906e5b4-40ce-42e0-af33-6e70e2f93499", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -661,7 +685,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "17a3d2b4-9caa-405c-bfe3-ef4f43b7f7bf", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "dfa89026-ff35-47e6-8c3f-cc4b2b623dd6", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -696,7 +722,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7a32cdf4-0904-4c26-8f1d-9906d35ede53", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "ebfb1122-fd4b-49d2-acc2-349d54db3c51", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -714,7 +742,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "e06595df-f3b7-4ce5-a510-6ca8fe068b72", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "6e8f46ce-8f4e-40f1-95a8-71430a769709", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -732,7 +762,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "cc0efa05-1f76-46d3-a974-3d96b3257d64", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "36d198cc-91e3-4f0b-a633-7cc256d29c42", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -750,7 +782,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "0702e1b5-f95a-47b8-8244-a66ab38b0908", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "78df87ae-283c-4626-981a-e14291a0c8dd", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -782,7 +816,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "a68e4b6a-b77e-485d-aa8a-e785fc158085", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "4d23c4d8-b0cb-4a8a-9d64-aa24da8ab619", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -800,7 +836,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "42c76696-a674-464a-9229-6c6c3efae55d", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "35ab73e0-937c-48c3-b02f-fc2d10b1a81e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -818,7 +856,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d6522c04-d78d-4672-b4d5-297e035a4a47", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "8b875c18-e130-40ef-9f54-479c9593dbb4", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -836,7 +876,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "b2c30e47-7e20-4d8c-a8a5-76e14371f047", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "3486928c-60a9-4549-a090-1b56af560221", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -854,7 +896,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "a0710b8a-49a7-42f9-9c6b-c15345f3fbee", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f075f560-32f2-4ec6-bd12-868d3bdd2310", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -883,7 +927,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "c190a70f-74f3-4f4a-bf1b-b7a373816d48", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "d07af2dd-4725-4651-89d8-d732eb20fb22", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -914,7 +960,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "ffe84fd7-6541-4b14-b09e-dbd792d76ef3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "bbf26c5d-bb82-4d70-b4f2-882afe6d9bf4", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -932,7 +980,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "747dc783-b19e-49bb-ab71-f095f7b3011f", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "faa72600-62e7-4440-b241-63ec94afd763", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -961,7 +1011,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "f42c46cb-443d-459e-9aae-8bbf3b82edaf", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "1d56cf05-5ccc-4491-b506-8cebae18963a", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -992,7 +1044,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d8cc5638-2afe-459d-a3cb-a01976aeac85", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "441dadf2-bef9-4e06-8f43-dd03b441acdd", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1010,7 +1064,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "96892541-9b58-440e-b44e-3998a4a7be84", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "627ba3bb-1a54-4cf5-ad56-7155247f5280", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1028,7 +1084,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "02655970-983a-4b85-a49f-587749ce3d19", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "245d3044-c5f1-4167-9a6e-2c29388bba5e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1060,7 +1118,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "24ee516c-0d3f-4960-90b7-afa66abc28a9", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f4a058aa-a41c-4c58-9758-6c79f980fd18", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1078,7 +1138,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7fe0f375-88a4-4fb0-b38c-d4a500e3b1d9", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "86b5fad1-4e75-43da-b257-9467fff7acfe", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1114,7 +1176,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "409c1e47-be79-43bf-aa2c-0fed0889c6d0", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "c81f9919-29f5-455b-a40d-3240093a0be5", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1155,7 +1219,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "092bfd62-aa7b-4409-a875-5fff7d2975b5", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "32b76454-93db-4bd1-9222-9604e6c5f7c7", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1173,7 +1239,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d862d207-64d0-4d00-bcbe-097ea62ba6f5", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "b7367d62-0528-426b-8f97-f68a9530d619", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1209,7 +1277,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "9aaadee4-d49f-4de8-87ae-558fc6352e13", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "52572cd0-59ae-4248-8f07-68757ed538ec", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1247,7 +1317,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "3d05b563-2cb8-4e38-8f56-694f60a2453f", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "af8ae830-df78-443c-bf0f-dc164f0d90b3", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1265,7 +1337,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "bda847e5-11cc-4d9f-857a-45f8819fd230", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "ffc17fe4-0e82-4292-8fd0-493905941d48", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1304,7 +1378,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2e132311-f565-4aed-9614-ccc6a77158e2", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "a02735f9-5446-4ed4-8c26-5ab744ae1b04", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1322,7 +1398,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "91fa9408-1373-4254-9159-cb2695e615a8", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "70698d4a-e8c2-4b9c-9395-c0582d8b8022", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1361,7 +1439,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "c487bf9a-c8fc-4180-92dc-ee528ece1949", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "6056c6b8-60b1-498b-acf4-3d6c6fe8830a", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1379,7 +1459,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "40d22136-bb9c-4366-889b-6e59f8332069", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "01fa8cff-5d8e-4e04-af66-9384ee9c3606", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1397,7 +1479,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4c84e881-7969-45ce-be75-7b223d4d1be3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "03f61f6e-7c67-4701-a9cd-30563989a670", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1415,7 +1499,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "dee24e7a-a80e-4598-b281-e15f6d247e4d", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "769edda4-b4ed-4671-978d-85b16bfd564e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1444,7 +1530,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "902a1af4-6479-4833-8d22-3efdf7d30edc", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f7c948c9-b471-4a53-a56a-af75ece5d75e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1482,7 +1570,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7e5a2ff0-9bb8-4e96-b3ea-8ee6c7ae189e", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "80e0c1ad-0366-4d71-a228-e81f553daf70", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1500,7 +1590,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2f0f0bfa-fa0e-4245-b54a-926b349f5f6b", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "1b8d9da7-1c8e-4b05-af8c-b4887adcfe2a", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1529,7 +1621,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "3c52d224-4181-42e6-a477-96862a7547ea", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "c803d36a-1e21-4f51-9380-29fdaca0c823", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1561,7 +1655,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "5bf37408-0101-487e-82d3-6aef883b259d", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "ad041938-5dff-484d-8ecd-3888b3f30781", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1593,7 +1689,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "f5ac2d2d-abeb-4ad5-be32-83225ff6a8da", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "373974c4-c109-4b09-81f7-bf16ab35794d", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1634,7 +1732,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "e93f9b10-7017-4bbb-beb2-c0c60a11570e", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "c5ca7ce6-d6bd-4b15-bfff-222f9c04b23a", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1662,7 +1762,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4e1cfda5-3463-4dff-ab6f-ee82d4fc12d4", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "01a0d189-d163-42ef-971e-f483eb1a89e3", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1703,7 +1805,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "5f8020ca-afa5-41d3-8b8c-29372db8af1d", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "febe4d8a-4107-4e8f-9bca-c9a0c96d7cb0", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1721,7 +1825,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "5b81c845-e335-4854-9189-bbbdeeb8c220", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "920d4c86-6f4a-4b57-a991-3ec6c62a5cfd", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1757,7 +1863,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "c463ebb0-ec05-4bdf-af2e-b44b0ab9ed7e", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "5643f75d-672b-465b-869e-c6c80962c9be", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1775,7 +1883,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "0a8cdb94-3fbc-4c0e-a4a1-5bbbeb85aca2", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "3301e8bd-5cdc-4cc6-835e-ac8af07d7f5c", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1793,7 +1903,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "8b94c5b1-f4c9-47e4-b2e6-1b3ba3ff0808", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "cfeb89af-a484-49c4-9988-96237c86944e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1811,7 +1923,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2f9fe10b-ba9e-4291-98b5-13bb6fc0c58c", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "e7024325-6340-4e1f-a4b8-c741d1e36bb4", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1871,7 +1985,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "3b3ecf6b-d4a9-499c-a5d1-2887b4987aca", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "542b2329-5497-456f-b117-746e798b9929", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1889,7 +2005,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "ead33ba5-eb15-48e3-900e-8a3e9cf289d9", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "96ff07de-683f-4181-8813-ae4498d66f05", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1907,7 +2025,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "66ece908-ee7b-468b-a5b4-e900aa724ea1", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f4c09934-895b-40e8-b122-aa08ea9b50ba", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1925,7 +2045,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2db60ecd-c0a9-4be8-a6b5-c4bb45d9ec49", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "81660f14-0393-4219-98ac-9e2c8f7142f6", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1943,7 +2065,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "72dfa4c9-d24a-4ac2-8c66-46e0992e9158", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "0a453bbe-cb88-45c8-b6ae-5033bc09feff", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -1961,7 +2085,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "27000dc4-4d7c-4e0c-aa8a-581babfe7745", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "e7799c91-b885-4d4e-b198-a7988c76c3ad", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -1979,7 +2105,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "2040d1a5-ddd0-405d-8edd-e58f77a59ad3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "92842d62-9ca0-46f9-a431-abf9e6b4f594", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2012,7 +2140,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "6d925c2b-0462-4a75-aa45-03b73c017307", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "c2ac04dc-acb4-418a-84e5-b58730f01dee", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2047,7 +2177,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "bec2e74d-c33d-4232-a4ac-424abf2637ff", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "cd19a3a6-00e2-4a44-9c63-bf795f9c93d1", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2075,7 +2207,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4a99e9c6-ff33-4a37-abc9-b6b9ca7d4657", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "259c0c8f-3bb9-4e43-877b-c896a20aee7d", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2113,7 +2247,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "6fd8dba3-df21-4c25-9994-95a66c3c74be", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f5320fa1-6ce9-4ef6-a6a8-422f619a41f9", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2131,7 +2267,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4d196aef-1385-4bf2-8b00-28258e22b677", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "b62d1197-e6c0-4b42-8f77-02b311b8faab", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2149,7 +2287,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "c148993e-862d-40b1-b670-f19db4114e95", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "25356503-3b18-4a0e-b97a-cf243e4e174c", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2178,7 +2318,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "70e9c839-37dc-48c9-ac6a-d34bf6dbaa17", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "e9a252ad-ff10-43ca-a790-024d5c8771ae", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2210,7 +2352,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "8727a64e-a367-4b17-86b1-742dada3a0c1", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "59b5f4ea-33eb-4000-a636-aaa4004e29b0", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2248,7 +2392,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "83d8d2e9-abb0-442a-a232-b6b3ade4040e", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9301b521-7676-45eb-9d3c-a7466b652b84", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2266,7 +2412,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "36ab955e-ac9b-4fd5-83a9-2cc35c5fa5b8", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "dc217439-df1e-4d91-ae4c-10b790b961e4", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2295,7 +2443,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "5e212f76-bae7-47ce-b7bc-c093b7133dfc", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "2079e0b4-5fb6-403b-a69a-1f39fd96c0b7", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2323,7 +2473,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "476a42e2-6778-4b2b-8f9b-77aec5a538dd", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "20679a94-74fe-4055-b7d8-3a2014dcc049", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2358,7 +2510,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d1b09916-2698-4642-bddd-7e3f6b69e1e1", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "f556c40b-a2d8-4f2a-bdaa-5a37073548fe", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2376,7 +2530,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7600b228-0413-4e7b-91ae-24537ad02f25", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "291bebf7-594a-401d-a2c0-d24d2aac6bf2", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2394,7 +2550,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "b8c7793c-8209-4280-97ec-8637c6e55fd3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "b37cec5a-2b40-477f-976d-f0e264dd2b8e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2427,7 +2585,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4e691a77-ec56-4ad4-b532-7ed71b9b08aa", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "01f1d712-a58c-40b5-aa5b-ea123f03d7dc", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2455,7 +2615,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7a0ef9ab-66e7-47a6-b25a-3db8378d04f8", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "d6d16f6d-5ac5-4c94-8066-d9bc1c67eb82", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2483,7 +2645,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7153a18a-1c44-43f9-b897-a7c51f024d40", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "956fb932-4841-402b-9b3d-3393ad295dfd", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2511,7 +2675,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "12f7481f-055d-46d3-bb53-86d7e3651e26", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "178d5628-b2fc-40ee-ad44-ba6b95888b99", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2546,7 +2712,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "d68dcfcc-48bd-440d-a7e0-8c0699449ad6", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9f2515b3-e250-4449-9779-28bcd6faf77d", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2581,7 +2749,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4ede96a6-6cac-4dfb-9769-40f341192bea", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "e28bff74-96a4-454d-98d7-c59e122d63fb", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2609,7 +2779,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "47f93be9-2806-4939-b7cb-4dc13784717a", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "d7caf3b3-f81b-42ef-9afc-926cee762d34", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2647,7 +2819,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "bd8d9613-c072-44fe-8674-147d13925382", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "24d459a8-dd81-4881-ae25-6f69a155a174", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2665,7 +2839,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "e126ea00-6678-4b2d-a171-d75a0a0f3d9a", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "9ff9038d-e1f7-4d3f-a5b0-ff301848eeaf", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2694,7 +2870,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "20c0da71-a712-46c1-84a2-856fd428f7f3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "a1ef191c-a130-4145-82ca-fa1895af11dd", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2722,7 +2900,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "3b39a1d5-d58b-40cc-a800-126c564f7da4", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "ac93fa47-dd7d-445a-a407-cb93947580ca", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2754,7 +2934,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "00c98ea4-1a92-4f46-ad19-49934bbba173", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "7b581e32-56d2-4243-9057-8d57c7ec842e", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2786,7 +2968,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "f8d231f5-d9be-42cc-be78-dad690e480c1", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "4bb45439-3b70-4a5c-adcd-e4becd0b14c9", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2821,7 +3005,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "965e16bb-a4b1-4396-b523-baa8e0b9a5bc", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "311bf6f3-8920-44bf-a216-3aad35b27614", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2839,7 +3025,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "7091b24c-1aa1-49d7-9ad6-bae60f88d0e3", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "7fd2e269-a354-440d-bc52-6a158fb2dbd4", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." @@ -2857,7 +3045,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "4df3485f-407d-42b8-ab8e-8c634216c51b", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "81f4d2b6-91de-48eb-a0ad-8afe37eccd2d", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." 
@@ -2890,7 +3080,9 @@ "by-components" : [ { "component-uuid" : "463e6979-b660-4e61-b475-90777d228307", "uuid" : "15a1aa21-71d2-4728-9b0b-38fbe10f8b86", + "description" : "TBD", "export" : { + "description" : "TBD", "provided" : [ { "uuid" : "78a2ecba-1b3b-4aac-ad0b-f0ce572aea46", "description" : "This control associated with hardware components within AWS is generally either partially or fully inherited from the AWS physical infrastructure. For the U.S. East, U.S. West, and GovCloud regions, this control is inherited from pre-existing Agency Authority to Operate (ATO) or JAB provisional Authority to Operate." diff --git a/oscal-content/xml/profile/blossom_moderate_profile_resolved.xml b/oscal-content/xml/catalog/blossom_moderate_profile_resolved_to_catalog.xml similarity index 99% rename from oscal-content/xml/profile/blossom_moderate_profile_resolved.xml rename to oscal-content/xml/catalog/blossom_moderate_profile_resolved_to_catalog.xml index 145e83d..3f127d0 100644 --- a/oscal-content/xml/profile/blossom_moderate_profile_resolved.xml +++ b/oscal-content/xml/catalog/blossom_moderate_profile_resolved_to_catalog.xml @@ -1,12 +1,13 @@ - - + + NIST BloSS@M Tailored Moderate Baseline - 2024-03-20T21:24:47.769914Z + 2024-05-30T18:28:59.688431Z 0.0.1 1.1.2 - diff --git a/oscal-content/xml/ssp/aws_leveraged_authorization_ssp.xml b/oscal-content/xml/ssp/aws_leveraged_authorization_ssp.xml index 47ceebe..5aee1fa 100644 --- a/oscal-content/xml/ssp/aws_leveraged_authorization_ssp.xml +++ b/oscal-content/xml/ssp/aws_leveraged_authorization_ssp.xml @@ -181,7 +181,7 @@ Corrective Action (Policy/Regulation) - +

TBD

C.2.1.1 @@ -206,11 +206,11 @@ - +

TBD

- +

TBD

@@ -323,7 +323,7 @@

TBD:

- +

TBD

TBD:

@@ -361,9 +361,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -387,9 +387,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -426,9 +426,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -452,9 +452,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -478,9 +478,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -504,9 +504,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -530,9 +530,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -556,9 +556,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -588,9 +588,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -619,9 +619,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -650,9 +650,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -685,9 +685,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -711,9 +711,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -737,9 +737,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -763,9 +763,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -796,9 +796,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -822,9 +822,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -848,9 +848,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -874,9 +874,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -900,9 +900,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -932,9 +932,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -964,9 +964,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -990,9 +990,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1022,9 +1022,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1054,9 +1054,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1080,9 +1080,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1106,9 +1106,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1139,9 +1139,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1165,9 +1165,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1203,9 +1203,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1244,9 +1244,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1270,9 +1270,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1308,9 +1308,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1346,9 +1346,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1372,9 +1372,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1411,9 +1411,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1437,9 +1437,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1476,9 +1476,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1502,9 +1502,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1528,9 +1528,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1554,9 +1554,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1586,9 +1586,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1624,9 +1624,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1650,9 +1650,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1682,9 +1682,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1716,9 +1716,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1750,9 +1750,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1793,9 +1793,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1824,9 +1824,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1865,9 +1865,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1891,9 +1891,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1927,9 +1927,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1953,9 +1953,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -1979,9 +1979,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2005,9 +2005,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2065,9 +2065,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2091,9 +2091,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2117,9 +2117,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2143,9 +2143,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2169,9 +2169,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2195,9 +2195,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2221,9 +2221,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2256,9 +2256,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2293,9 +2293,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2324,9 +2324,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2362,9 +2362,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2388,9 +2388,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2414,9 +2414,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2446,9 +2446,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2480,9 +2480,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2518,9 +2518,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2544,9 +2544,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2576,9 +2576,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2607,9 +2607,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2642,9 +2642,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2668,9 +2668,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2694,9 +2694,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2729,9 +2729,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2760,9 +2760,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2791,9 +2791,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2822,9 +2822,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2859,9 +2859,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2896,9 +2896,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2927,9 +2927,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2965,9 +2965,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -2991,9 +2991,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3023,9 +3023,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3054,9 +3054,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3088,9 +3088,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3122,9 +3122,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3157,9 +3157,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3183,9 +3183,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3209,9 +3209,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either @@ -3244,9 +3244,9 @@ - +

TBD

- +

TBD

This control associated with hardware components within AWS is generally either diff --git a/oscal-content/xml/ssp/blossom_admin_member_ssp.xml b/oscal-content/xml/ssp/blossom_admin_member_ssp.xml index 8531014..cf331b4 100644 --- a/oscal-content/xml/ssp/blossom_admin_member_ssp.xml +++ b/oscal-content/xml/ssp/blossom_admin_member_ssp.xml @@ -7,42 +7,67 @@ 2024-03-27T00:00:00Z 0.1 1.1.2 + System Owner (SO) -

The individual within the organization who is ultimately accountable for everything related to the deployment, assessemnt, authorization and operations of the Blossom Member which provides the software assets leasing service (here in known as "this system").

+

The individual within the organization who is ultimately accountable for + everything related to the deployment, assessemnt, authorization and operations + of the Blossom Member which provides the software assets leasing service (here + in known as "this system").

- - License Owner (LO) + + System Administrator (SA) -

The individual within the service provider organization who is accountable for managing the pool of software resources made available for leasing to USG agencies.

-

The License Owner role exists only within the service provider agency.

+

The individual accountable for the deployment, configuration, testing and + operations of the system on behalf of the System Owner.

- - Authorizing Official + + System Security Assessor (SSA) -

The individual or individuals who are ultimatly accountable for reviewing the assessemnt package, discuss with the SO the findings and grant an authorization to operate (ATO) to "this system".

-

The Authorizing Official is the only entity responsible for the security posture of the system that gets access to the ATO channel (chainecode). The AO signs the MOU on behalf of the agency.

+

The individual accountable for assessing the security posture of the system on + behalf of the system owner.

- - System Security Assessor (SSA) + + Authorizing Official -

The individual accountable for assessing the security posture of the system on behalf of the system owner.

+

The individual or individuals who are ultimatly accountable for reviewing the + assessemnt package, discuss with the SO the findings and grant an authorization + to operate (ATO) to Blosom, a.ka "this system".

+

The Authorizing Official is the only entity responsible for the security posture + of the system and has access to the ATO channel (chaincode) to upload the ATO Attestation Memo (AAM). + The AO signs the AAM on behalf of the agency.

+ Technical Point of Contact (TPOC) -

The individual accountable for managing leased licenses (checkout, install, uninstall, return).

+

The individual accountable for managing leased licenses (checkout, install, + uninstall, return).

- - System Administrator (SA) + + License Owner (LO) + +

The individual within the service provider organization who is accountable for + managing the pool of software resources made available for leasing to USG + agencies.

+

The License Owner role exists only within the service provider agency.

+
+
+ + Acquisition Officer -

The individual accountable for the deployment, configuration, testing and operations of the system on behalf of the System Owner.

+

The individual within the Agency which is responsible for approving and + processing the payment of the leased pool of software licenses.
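Review bot: The reworded Authorizing Official paragraph changes who is said to hold access to the ATO channel: the old text made the AO the only entity that gets access to it, while the new sentence makes the AO `the only entity responsible for the security posture of the system` and only adds that it `has access to the ATO channel (chaincode)`. That reads as contradicting the System Owner role, described in the same hunk as ultimately accountable for everything related to the system, and it no longer says that access to the channel is exclusive. If exclusivity is still the intent, something like `The Authorizing Official is the only role with access to the ATO channel (chaincode), which it uses to upload the ATO Attestation Memo (AAM).` would keep it. The added lines also carry spelling slips worth fixing while here: `assessemnt`, `ultimatly`, `Blosom, a.ka`.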

@@ -86,18 +111,22 @@ Stan Owens + + blossom@nist.gov 8aed7ffd-5158-445d-8d7c-eec5cf240cba - - Licenta Owens - + + ManoGiana Bloom + blossom@nist.gov 8aed7ffd-5158-445d-8d7c-eec5cf240cba - - Aurelian Officman - + + Simmon Admino + + + blossom@nist.gov 1ef39fd9-d184-44c4-8ef4-36d2dbad70a2 8aed7ffd-5158-445d-8d7c-eec5cf240cba @@ -105,59 +134,113 @@ Steve S. Asesoro + + blossom@nist.gov 1ef39fd9-d184-44c4-8ef4-36d2dbad70a2 8aed7ffd-5158-445d-8d7c-eec5cf240cba - - Tom Poc - + + + Aurelian Officeman + + + blossom@nist.gov 1ef39fd9-d184-44c4-8ef4-36d2dbad70a2 8aed7ffd-5158-445d-8d7c-eec5cf240cba - - Simon Admino - + + Licenta Owens + + + blossom@nist.gov - 1ef39fd9-d184-44c4-8ef4-36d2dbad70a2 8aed7ffd-5158-445d-8d7c-eec5cf240cba - - ManoGiana Bloom - + + Acquia Officiale + + + blossom@nist.gov 8aed7ffd-5158-445d-8d7c-eec5cf240cba + + Tom Pock + + + + blossom@nist.gov + 1ef39fd9-d184-44c4-8ef4-36d2dbad70a2 + 8aed7ffd-5158-445d-8d7c-eec5cf240cba + + + 09ad840f-aa79-43aa-9f22-25182c2ab11b 551b9706-d6a4-4d25-8207-f2ccec541016 - - 51588d7c-aa79-43aa-9f22-25182c2cd22d - 551b9706-d6a4-4d25-8207-f2ccec541016 - - - 3360e343-9860-4bda-9dfc-ff427c3dfab6 + + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + +

This party has development, deployment, configuration and operations + responsibilities for "this system" supporting the system owner.

+
+ 132953a9-640c-46f7-9de9-3fa15ec99361 -

The party responsible to assess the security controls on behalf of the system owner.

+

The party responsible to assess the security controls on behalf of the system + owner.

+
+
+ + + + 51588d7c-aa79-43aa-9f22-25182c2cd22d + +

The license owner is responsible for managing the licenses a Blossom Member leases, and is also responsible for uploading to the asset chaincode the MOA signed by the TPOC and Acquisition Officer.

+ c46e27d1-7a65-47ea-bd76-df574fded5fd -

Manages leased liceses for the agency and is responsible to checkout, install, uninstall and return licenses to the pool for each order the agency places.

+

Interfaces with the other agencies and need only read access to the ledger to review the assets (licenses) processed.

+

The TPOC is also responsible for reviewing and signing the initial Memorandum of Aggrement (MOA) stating the rules on engagemnet whith Blossom service around ATO automation and assets leasing.

- - 4fded5fd-7a65-47ea-bd76-df57c46e27d1 + + c46e27d1-7a65-47ea-bd76-df574fded5fd -

This party has development, deployment, configuration and operations responsibilities for "this system" supporting the system owner.

+

Interfaces with the other agencies and need only read access to the ledger to review the assets (licenses) processed.

+ + + + 3360e343-9860-4bda-9dfc-ff427c3dfab6 +

This SSP was created using a simplified version of OSCAL-based FedRAMP SSP Template for the FedRAMP Low, Moderate, and High baselines.
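Review bot: Two added responsible-party entries point at the same party `c46e27d1-7a65-47ea-bd76-df574fded5fd` and repeat the remark `Interfaces with the other agencies and need only read access to the ledger to review the assets (licenses) processed.`; the element names and role ids are not visible in this view, so this is inferred from the UUIDs and remarks. If the second entry is meant for the newly added Acquisition Officer role, it should reference that role's own party and describe that role's access rather than the TPOC's. The TPOC remark now also says read-only ledger access, while the role description earlier in this file makes the TPOC accountable for checkout, install, uninstall and return of licenses, which presumably needs more than read access; the removed remark said as much. The added text has typos to fix as well: `Aggrement`, `engagemnet whith`.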

@@ -508,7 +591,9 @@

A diagram-specific explanation.

- + Data Flow Diagram
@@ -516,7 +601,7 @@ AWS Managed Blockchain (AMB) - + e63e870d-bf43-40dc-98a0-37d5e39b2dd1 2024-01-01 @@ -534,18 +619,45 @@ System Administrator - + system-administrator Full administrative access rights - add and remove users and hardware + add and remove users, software-name and hardware install and configure deployments system updates, patches and hotfixes perform backups + + System Owner + + + + system-owner + + Privileged access rights + add and remove users, software-name and hardware + install and configure deployments + system updates, patches and hotfixes + perform backups + + + + System Security Assessor + + + + sys-sec-assessor + + Non-privileged access rights (read only) + review system documentation and security configurations + review if system updates, patches and hotfixes are documented and successfully completed + review disaster recovery procedures and system backups existance + + This System @@ -562,7 +674,9 @@ - + @@ -581,12 +695,13 @@ -
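Review bot: The System Owner user added in the -534,18 +619,45 hunk gets the same four functions as System Administrator, word for word, including `add and remove users, software-name and hardware`. The AC-2 statements later in this commit make the System Owner an approver of account requests and the System Administrator the one who edits the ACL. As written, the role that approves an account can also create it, which removes the separation between approval and implementation that the AC-2 text relies on. I would reduce the System Owner list to what the role does, for example `approve or revoke account requests` and `review ACL changes made by the System Administrator`. `software-name` also reads like an unfilled template token in both lists and should be replaced with the intended term or dropped.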

FedRAMP SSP Template Section 13

+

This is a palceholder for the FedRAMP SSP Template Section 13

This description field is required by OSCAL.

FedRAMP does not require any specific information here.

- - + + -

AMB provides access control to the infrastracter for the entities identified below. The Consumer's responsibility is to update the ACL ith the identities authorized to access the resource.

+

Per the documentation available in the Blossom Wiki, the AWS Managed + Blockchain (AMB) provides access control to the infrastracture for the + entities identified below which require access to IaaS to maintain and + deploy system components. The blockchain's chaincode is implementing Next + Generation Access Control (NGAC) standard to manage the access to resources + for the roles docuemnted in the Blossom specification. Access control policy + machines are implemented for the two private channels of the AMB: the ATO or + "Authorization" channel and the "Businness" channel.

- - + --> + + + + have an organization-sponsored email address to demonstrate employment,complete training, and have been approved by the System Owner based on the business need of the individual + + + Access tagging + + + Accounts Manager(s): System Owner and Program Manager. + + + Organizational access control policies, standards and procedures, as documented in the AC-02.a statement implementation (statement-id="ac-2_smt.a", uuid="24a85abb-25ad-4686-850c-5c0e8ab69a0c"). + + + + System Administrator + + + 1 business day + + + within one hour + + + within openxmlformats-officedocument hours + + + + need to know + + + every 6 months or when a change takes place + 4fded5fd-7a65-47ea-bd76-df57c46e27d1 09ad840f-aa79-43aa-9f22-25182c2ab11b - - + + -

The NGAC implementation in the two chaincodes manages the access control for the Blossom business layer users and the BC Member's ATO-related accounts.

+

For the IAM entities that have a business need, and which have accounts created in Cognito, the Policy machines which implement NGAC in the two chaincodes are managing the access control for the Blossom business layer users and the BC Member's Authorizing Official that is uploading the ATO Attestation to the Authorization channel.

- - business need - - - business need - - - System Owner (SO) - - - Types of User Accounts for Blossom - - - System Owner (SO) - - - 1 business day - - - 1 business day - - - 1 business day - - - System Owner (SO) - - - every 6 months - + + +

The Blossom system's System Owner and System Administrator are repsonsible for approving, creating and managing accounts and grant or denie access to the system by maintaining accurate information in Cognito and updating the access control policies access control lists (ACLs).

+
+
+
+ + +

AWS manages the access to approved entities to the system's infrastructure, for deployment, maintenance, and operations.

+
+ + +

Keep the ACL list current at all times.

+
+
@@ -764,18 +911,21 @@

These accounts are managed by the NGAC implementation in the chaincodes for the ATO and for the assets management (business) processes.

The following accounts are supported for the business operations (assets management):

    -
  • Privileged accounts: -
      License Owner (LO)
    +
  • Privileged accounts: +
      License Owner
  • -
  • Non-Privileged accounts: -
      Acquisition Officer (ACQ)
    -
      Technical Point of Contact (TPOC)
    +
  • Non-Privileged accounts: +
      Acquisition Officer
    +
      Technical Point of Contact
-

The following account is supported for the ATO process (ATO attestation submission and review of other Blossom members):

+

The Authorizing Official is responsible for reviewing the ATO package prepared by the System Owner and signing/authorizing the system to operate.

+

The System Owner remains the custodian of all system ATO related artifacts.

+

Upon approval, the Authorizing official is responsible for automatically generating the ATO attestation and uploading it to the ATO channel.

+

The following account is supported for the ATO processes.

    -
  • Non-Privileged accounts: -
      Authorizing Official (AO)
    +
  • Privileged accounts: +
      Authorizing Official
@@ -784,15 +934,20 @@ -

The accounts of the Blossom Member managed by the Leveraged AWS IaaS are:

+

The following accounts of the NIST Member of the Blossom System are managed by the Leveraged AWS IaaS:

    -
  • Privileged accounts: -
      System Owner (SO)
    -
      System Administrator (SA)
    +
  • Privileged accounts: +
      System Owner
    +
      System Administrator
  • -
  • Non-Privileged accounts: -
      System Security Assessor (SSA)
    -
      Authorizing Official (AO)
    +
  • Non-Privileged accounts: +
      System Security Assessor
    +
@@ -800,13 +955,21 @@ provided-uuid="11111111-0000-4000-9009-002001002001">

TBD: provided-uuid needs to match the one in the AWS' SSP.

-

All privileged and non-privileged accounts that are granted access to the AWS infrastructure and are responsible for the Blossom member (this sysstem), are managed by the AWS IaaS (leveraged ATO system) which uses an Access Control List (ACL) for the NIST employees assigned Blossom roles.

+

All privileged and non-privileged accounts that are granted access to + the AWS infrastructure and are responsible for the Blossom System deployment and maintenance + (this system), are managed by the AWS IaaS (leveraged ATO system) + which uses an Access Control List (ACL) for the NIST employees + assigned Blossom roles.

-

For all responsible parties with roles managed by the AWS IaaS system, accounts creation/deletion are requested, approved/revoked by the System Owner or the Blossom PM and are added to or delete from the ACL list.

+

The Access Control List (ACL) updates are Blossom system's responsibility (as customers of AWS) + For all roles listed above which are managed by the AWS IaaS + system, account creation/revokation/deletion requests are approved + by the Blossom system's System Owner or the Program Manager and are added to or delete + from the ACL list by the System Administrator.

@@ -815,7 +978,9 @@ -

Assign account managers

+

For this system, the entity with the System Administrator role + acts as the Accounts Manager and is responsible for creating, + revoking, deleting accounts per decisions made by the System Owner and the Program Manager.
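Review bot: This statement makes the System Administrator the Accounts Manager, but the commit gives two other answers to the same question. A parameter value added earlier says `Accounts Manager(s): System Owner and Program Manager`. The component description added earlier says the System Owner and System Administrator are responsible for approving, creating and managing accounts. With three versions, it is unclear who may approve an account and who may only carry out the decision, and that is the separation an assessor will test for AC-2. I would pick one assignment and use it everywhere, for example changing the parameter value to `Accounts Manager: System Administrator; approvers: System Owner and Program Manager` and dropping "approving" from what the System Administrator does in the component description.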

@@ -823,7 +988,11 @@ -

Require [Assignment: organization-defined prerequisites and criteria] for group and role membership;

+ +

For each identified role, access to the system for each role will be individually + analyzed and granted if the requesters proves they + for the respective group and role membership.

@@ -831,7 +1000,10 @@ -

Specify:

+

1. All authorized users are listed and accuratelly maintained in this SSP in the "metadata", as "party" elements of type="person".

+

2. All roles supported by the Blossom system are documented in this SSP in the "metadata", as "role" elements with "id" identifying the role. + This system does not support groups.

+

3. All access authorizations are documented in this SSP in the "metadata" as "responsible-party" with "role-id" mathing the respective roles or attributes.

@@ -839,7 +1011,7 @@ -

Authorized users of the system

+

Authorized Blossom users are documented in the Blossom SSP.

@@ -856,7 +1028,8 @@ uuid="37e94c9b-acb8-458f-8a95-c1d110ead856">

Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account;

+ id-ref="ac-02_odp.0_2" />[Assignment: organization-defined attributes + (as required)] for each account;
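Review bot: The new side of this hunk still carries the control's template text, `[Assignment: organization-defined attributes (as required)] for each account;`, directly after the parameter insert for `ac-02_odp.0_2`. The sibling statements in this commit were rewritten to say what Blossom does. A rendered SSP would therefore show the resolved parameter value followed by the unresolved assignment, and a reader cannot tell which attributes are recorded per account. I would drop the bracketed text and state the implementation, for example `Access authorizations (privileged or non-privileged) and the business need are recorded for each account;`. The surrounding element markup is not visible here, so check that the insert still sits inside the same paragraph.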

@@ -864,7 +1037,7 @@ -

Require approvals by [Assignment: organization-defined personnel or roles] for requests to create accounts;

+

Request to create accounts are approved by the System Owner and the Program Manager;

@@ -872,8 +1045,8 @@ -

Create, enable, modify, disable, and remove accounts in accordance with [Assignment: organization-defined policy, procedures, prerequisites, and criteria];

+

Blossom user accounts are created, enabled, modified, disabled, and removed according to the types of Blossom accounts (privileged or non-privileged);

@@ -889,7 +1062,7 @@ -

Notify account managers and [Assignment: organization-defined personnel or roles] within:

+

Account managers, System Owner, and Program Manager are notified within:

@@ -897,7 +1070,7 @@ -

Notify account managers and [Assignment: system owner] within:[Assignment: 1 business day] when accounts are no longer required;

+

Account managers, System Owner, and Program Manager are notified within1 business day when accounts are no longer required;

@@ -905,7 +1078,8 @@ -

[Assignment: organization-defined time period] when users are terminated or transferred;

+

within 1 business day when users are terminated or + transferred;

@@ -913,7 +1087,8 @@ -

[Assignment: organization-defined time period] when system usage or need-to-know changes for an individual;

+

within 1 business day when system usage or need-to-know + changes for an individual;

@@ -921,7 +1096,7 @@ -

Authorize access to the system based on:

+

System access authorization is based on:

@@ -945,7 +1120,7 @@ -

[Assignment: organization-defined attributes (as required)];

+

Business need of the individual;

@@ -953,8 +1128,8 @@ -

Review accounts for compliance with account management requirements [Assignment: organization-defined frequency];

+

Accounts are reviewed for compliance with account management requirements every 6 months.;
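Review bot: The review-frequency statement hard-codes `every 6 months.;`, while the parameter value added earlier in this commit reads `every 6 months or when a change takes place`. The statement therefore drops the change-triggered review, which is the part that catches role changes between the scheduled reviews. I would either reference the parameter in the statement instead of restating it, or make the text match: `Accounts are reviewed for compliance with account management requirements every 6 months or when a change takes place;`. The stray `.` before the semicolon should go as well.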

@@ -962,7 +1137,7 @@ -

Establish and implement a process for changing shared or group account authenticators (if deployed) when individuals are removed from the group;

+

There are no group or shared accounts created for accessing Blossom;

@@ -970,13 +1145,24 @@ -

Align account management processes with personnel termination and transfer processes.

+

All Blossom user accounts are updated by the system administrator when they are terminated or are transferred where their Blossom account is not required.

+ + +

Blossom Wiki

+
+ + +

Project's Wiki which provides descriptions for the ATO and business processes.

+
+

National Institute of Standards and Technology's Logo