Missing Assessment Objectives and no "response-point" props in the LI-SaaS baseline #597
Open
1 of 12 tasks
Labels
bug
Something isn't working
This relates to ...
What happened?
There are no "response-point" prop elements in the LI-SaaS baseline for assessment-objectives. For the 3 other baselines, there are "response-point" flags in both the control statements and assessment-objectives. These were very helpful for tailoring/aggregating the assessment objectives and I wasn't quite sure why there weren't included for LI-SaaS.
There are also a few controls that have no associated assessment-objectives in LI-SaaS: IA-02(02), IA-07, and RA-02
Additionally, AC-02 has an assessment-objective that is not defined in the NIST 800-53 catalog, and this is the only instance of an "_fr" objective in all of the baselines:
Relevant log output
No response
How do we replicate this issue?
Review the mentioned sections of the LI-SaaS baseline.
Where, exactly?
The OSCAL LI-SaaS baseline resolved profile:
dist/content/rev5/baselines/xml/FedRAMP_rev5_LI-SaaS-baseline-resolved-profile_catalog.xml
Other relevant details
We are looking for "response-point" props to be added to the LI-SaaS baseline, similarly to the other 3 baselines. If these were excluded for a reason, could you help us understand why?
The text was updated successfully, but these errors were encountered: