usnistgov/OSCAL-DEFINE

Research Effort: A model is needed for customer responsibilities that does not expose the SSP.

Compton-US opened this issue · 1 comments

OSCAL SSP authors need the ability to export content from a full SSP, suitable for customers to import into another SSP, without exposing all content of the full SSP. At a minimum, this exported content should include customer responsibility statements associated with components and control definition statements. When the SSP author uses optional syntax to define customer-consumable content about what is inherited, this content must also be included.