Research Effort: A model is needed for customer responsibilities that does not expose the SSP.
Compton-US opened this issue · 1 comments
Compton-US commented
OSCAL SSP authors need the ability to export content from a full SSP, suitable for customers to import into another SSP, without exposing all content of the full SSP. At a minimum, this exported content should include customer responsibility statements associated with components and control definition statements. When the SSP author uses optional syntax to define customer-consumable content about what is inherited, this content must also be included.
-
Informal discussion and feedback can be shared here: #13
Compton-US commented