This repository was archived by the owner on Jul 1, 2025. It is now read-only.
This repository was archived by the owner on Jul 1, 2025. It is now read-only.
Modify frr295 constraint requiring 'this-system' by-component #1219
Description
This is a ...
request - need something additional provided
This relates to ...
- the FedRAMP SSP OSCAL Template (JSON or XML Format)
- the FedRAMP OSCAL Validations
What is your feedback?
The frr295 constraint requires every control statement to have a by-component that links back to the this-system component. In the case that a statement is fully inherited, and there is no implementation local to this-system, I don't think this constraint should be enforced.
Im wondering if the constraint can be modified to require there be at least 1 by-component for each statement, rather than each statement requiring a this-system by-component. Please let me know your thoughts on this, or if you think this should be handled/represented a different way.
Acceptance Criteria
- Revert frr295 #1223
- Update documentation to explain requirement to be "one component must be used and this system should be the catch-all for all control implementation that is leveraged or inherited without 'this system' layer of controls."
Where, exactly?
- OSCAL SSP v1.1.3
- oscal-cli v2.4.0
- up-to-date FedRAMP constraints
Other information
No response
Metadata
Metadata
Assignees
Type
Projects
Status