Research Effort: A model is needed for customer responsibilities that does not expose the SSP.

[Compton-US]

OSCAL SSP authors need the ability to export content from a full SSP, suitable for customers to import into another SSP, without exposing all content of the full SSP. At a minimum, this exported content should include customer responsibility statements associated with components and control definition statements. When the SSP author uses optional syntax to define customer-consumable content about what is inherited, this content must also be included.

• Original Issue

• Informal discussion and feedback can be shared here: #13

[Compton-US]

I have a draft started here:
https://github.com/Compton-NIST/OSCAL-DEFINE/blob/spiral-3-effort-issue-5/research-2023/effort-responsibility-sharing/2023-03-08.003.md